![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(6.4, 84%, 10%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EGM%3C/text%3E%3C/svg%3E)
25,178 questions
Hello @Gerald Madla,
Thank you for posting your query on Microsoft Q&A.
Yes, ADIbizaUX is indeed a part of Microsoft Graph and Sync, as explained in the following Q&A: link.
Based on your statement, I understand that you're encountering successful sign-in logs related to ADIbizaUX, and you wish to determine if this is expected behavior or if it indicates a potential compromise of the user's account.
This behavior is expected. When users log into the Azure Portal, interactions with ADIbizaUX logs are triggered due to backend resources. However, to ensure security, I recommend verifying the post-sign-in logs of the user to check for any other potentially suspicious activity beyond interactions with the ADIbizaUX application.
Please refer to the screenshot from my test tenant, where a user signed into the Azure Portal, triggering the ADIbizaUX application in the interactive sign-in log.
I hope this information is helpful. Please feel free to reach out if you have any further questions.
Thanks,
Raja Pothuraju.
If this answers your query, do click **Accept Answer** and **Yes** for was this answer helpful. And, if you have any further query do let us know.