question

Tom1122233 avatar image
0 Votes"
Tom1122233 asked vipulsparsh-MSFT answered

User sign in IP address is being partially sanitzed

Hi, in the AD user sign in logs, I'm seeing a user attempt to sign in from an IP address that looks like the last digits are being sanitized. So for example the IP looks like this "192.168.0.XXX". I've tried to lookup why it might be replacing the end digits with X's but I've come up short. It only happens when the status is "interrupted" (but not everytime it's interrupted). It also displays the username as the user ID in these rows as well, instead of their actual name. Does anyone know why this may be happening?

azure-active-directory
· 2
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

@Tom1122233 Checking on this, will update soon.

1 Vote 1 ·

I'm curious on this one too. We have noticed it today but after reviewing the logs it appears this "sanitation" has been occurring for about a month.

0 Votes 0 ·

1 Answer

vipulsparsh-MSFT avatar image
1 Vote"
vipulsparsh-MSFT answered

@Tom1122233 @diegotco Apologies for delay on this one.

If the user is a guest user, or in certain scenarios we redacted the PII information from IP address, Device ID or display name.
That is why you see that IP address being sanitized.

In case of user ID, if there was a sign in interruption and we did not get to the stage to translating the Object guid to UserPrincipalName , we just reflect the Object ID.
Also if there are MFA scenarios where few times it might take up to 10 minutes for the logs to show the actual UPN, earlier log might show guid, but once we resolve it to UPN, the newer logs will show the UPN as well.



Please remember to "Accept Answer" if any answer/reply helped, so that others in the community facing similar issues can easily find the solution.

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.