Hi @Luc Messier Thanks for reaching out. From the description in understand that you have noticed unauthorized calls for an api when you analyzed further you got to know that the requests are made by the anonymous users under analytics blade, and you wanted to know the configurations of anonymous users
You can log the user activity in API Management by enabling Azure Diagnostics please refer this doc for more information https://learn.microsoft.com/en-us/azure/azure-monitor/essentials/diagnostic-settings?WT.mc_id=Portal-Microsoft_Azure_Monitoring&tabs=portal
The Analytics blade in its current implementation is only capable of identifying users based on the Subscription key provided with the incoming API call. If there is no subscription key or its not associated to an API Management developer account (In Azure Portal, go to "Users" , select a user and click on 'Subscriptions" to see subscriptions associated with a user), the request will be considered anonymous.
If the incoming request is using a subscription key that belongs to a user, APIM will emit userId to Log Analytics. If the subscription key of incoming request is not tied to a user, no user id is emitted.
]2
let me know incase of any clarifications i would be glad to assist you.
Please 'Accept as answer' and ‘Upvote’ if it helped so that it can help others in the community looking for help on similar topics.