Site icon TheWindowsUpdate.com

About The Authorization Events in AppServiceAuditLogs

This post has been republished via RSS; it originally appeared at: New blog articles in Microsoft Community Hub.

Customers may see such authorization events in App Service -> Monitoring -> Logs -> AppServiceAuditLogs, and be puzzled by these entries.

Resource field value is your app service web app name, and the User account of KUDU line is '$' plus your app name.

The User account of AAD line is 10032*****, totally 16 digit number. This is the Net ID of your logged in AAD account.

You can query the 'UserDisplayName' column  to display the readable user account name of this NET ID. 

 

What's that? 

These are the authentication and authorization events when accessing the KUDU site(the .scm site) by Web browser.

Refer to https://github.com/projectkudu/kudu/wiki/Accessing-the-kudu-service

When access to SCM site, the scm service requires authentication and authorization.

 

Authentication 

There are 2 authentication mechanisms.

 

What Kind of User Operations Trigger Kudu Authorization Events?

For example, visit Settings -> Web Jobs, Development Tools -> Extensions, API -> API management, Process Explorer and Metrics under Monitoring, etc on Azure App service Portal  https://ms.portal.azure.com/,  it will trigger such kind of below requests to the Kudu/SCM service. And these requests will default log in to Kudu with the user's AAD account. 

 

 

 

 

 

 

 

 

Exit mobile version