Requestor upn is missing in azure file share event data

Naija R C 0 Reputation points
2023-01-23T13:42:02.7733333+00:00

Hi,

I am looking for retrieving user information from the REST API azure file share event's JSON object.

The required user details can be found using the Requestor/UPN value.

Reference link: documentation for Azure Files monitoring data reference

But while getting the REST API azure file share event's JSON object , I am not getting the Requestor/UPN value. So, What is the way to get Requestor/UPN parameter value in my event details? How to do that?

I have given the sample event details which I got for create file share event:

Create REST API event:

{
  "time": "2023-01-19T06:43:07.2821147Z",
  "resourceId": "XXXXX",
  "category": "StorageWrite",
  "operationName": "CreateFile",
  "operationVersion": "2015-02-21",
  "schemaVersion": "1.0",
  "statusCode": 201,
  "statusText": "Success",
  "durationMs": 76,
  "callerIpAddress": "XXXXX",
  "correlationId": "XXXXX",
  "identity": {
    "type": "SAS",
    "tokenHash": "key1(XXXXX),SasSignature(XXXXX)"
  },
  "location": "East US",
  "properties": {
    "accountName": "testaccount",
    "userAgentHeader": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36",
    "referrerHeader": "XXXXX",
    "clientRequestId": "XXXXX",
    "etag": "XXXXX",
    "serviceType": "file",
    "objectKey": "/testaccount",
    "lastModifiedTime": "1/19/2023 6:43:07 AM",
    "metricResponseType": "Success",
    "serverLatencyMs": 66,
    "requestHeaderSize": 932,
    "responseHeaderSize": 330,
    "tlsVersion": "TLS 1.2",
    "accessTier": "TransactionOptimized"
  },
  "uri": "XXXXX",
  "protocol": "HTTPS",
  "resourceType": "Microsoft.Storage/storageAccounts/fileServices"
}
Azure Monitor
Azure Monitor
An Azure service that is used to collect, analyze, and act on telemetry data from Azure and on-premises environments.
2,799 questions
Azure Files
Azure Files
An Azure service that offers file shares in the cloud.
1,162 questions
Azure Storage Accounts
Azure Storage Accounts
Globally unique resources that provide access to data management services and serve as the parent namespace for the services.
2,687 questions
Azure Blob Storage
Azure Blob Storage
An Azure service that stores unstructured data in the cloud as blobs.
2,427 questions
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
19,458 questions
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. SaiKishor-MSFT 17,181 Reputation points
    2023-01-23T23:10:13.3333333+00:00

    @Naija R C we will only gather the UPN in certain criteria. In general, you should use callerip to track back down to a specific workstation. "

      "callerIpAddress": "XXXXX",

    If the user used SAS, they'll see an IP address. You'd get a UPN if using a supported Authentication type that pulls UPN like ADDS or AADDS, etc. If you connect via storageaccount/key or SAS then you'll get the Caller IP address.

    Hope this helps. Please let us know if you have any more questions and we will be glad to assist you further. Thank you!

    Remember:

    Please accept an answer if correct. Original posters help the community find answers faster by identifying the correct answer. Here is how.

    Want a reminder to come back and check responses? Here is how to subscribe to a notification.