In Azure AD sign-in logs, I see logs where the UPN field gives an Object GUID rather than the actual UPN of the user.

Acuriouscase-8163 0 Reputation points
2024-08-20T06:24:26.09+00:00

In Azure AD sign-in logs, I see logs where the UPN field gives an Object GUID rather than the actual UPN of the user. Is there any reason why this is so? And for analysis using sign-in logs, can we exclude this data?

Microsoft Entra ID

1 answer

  1. Givary-MSFT 32,986 Reputation points Microsoft Employee
    2024-08-21T09:41:34.74+00:00

    @Acuriouscase-8163 Thank you for reaching out to us. As I understand, you would like to know why the User field is showing as Object ID or GUID instead of the user principal name.

    Here are a few common reasons why the user field is showing as object ID or GUID in the sign-in report instead of the user's UPN:

    1. When a user is unauthenticated and is not yet signed in (interrupt user flow): error 50058 - UserInformationNotProvided - Session information isn't sufficient for single-sign-on. This means that a user isn't signed in. This is a common error that's expected when a user is unauthenticated and hasn't yet signed in. - AADSTS50058
    2. If the User is showing as "00000000-0000-0000-0000-000000000000", then it could be due to Tenant Restrictions.
    3. If the sign-in has not been fully aggregated with MFA data. If looking at the sign-in within a few minutes of sign-in, there could be an incremental state where we have not resolved the user DisplayName. Waiting a few minutes should show the correct results. The data should be fully aggregated within a few hours, although it typically happens much quicker than that. This may be seen for 50074 interrupt events.
    4. When a user tried to initiate a connection from a Windows laptop, but purposely cancelled from his mobile by choosing the “No, It’s not me” option, the sign-in log would show the username as object ID. When our service is unable to resolve the UPN of a user due to an interrupted or failed sign-in, it may display an object ID instead.

    Hope the above reasons answer your query. Let me know if you have any further questions, and feel free to post back.

    Please remember to "Accept Answer" if the answer helped, so that others in the community facing similar issues can easily find the solution.

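The four cases in the answer above, as an added example that is not part of the original thread or Microsoft's own code: it tags exported sign-in records whose UPN field holds a GUID with the matching reason, so they can be counted apart from resolved sign-ins. The field names assume the Microsoft Graph signIn export (`userPrincipalName`, `status.errorCode`), and the sample records are constructed.

```python
import re
from collections import Counter

# Field names follow the Microsoft Graph signIn export (assumption);
# adjust them if your export uses different column names.
GUID_RE = re.compile(r"^[0-9a-f]{8}-(?:[0-9a-f]{4}-){3}[0-9a-f]{12}$", re.I)
ZERO_GUID = "00000000-0000-0000-0000-000000000000"

def classify(record):
    """Return None when the UPN field is not a GUID, else the likely reason."""
    upn = (record.get("userPrincipalName") or "").strip().lower()
    if not GUID_RE.match(upn):
        return None
    if upn == ZERO_GUID:
        return "all-zero GUID (Tenant Restrictions)"
    code = (record.get("status") or {}).get("errorCode")
    if code == 50058:
        return "50058: user not signed in yet"
    if code == 50074:
        return "50074: interrupt, may resolve after aggregation"
    return "other interrupted or failed sign-in"

def partition(records):
    """Split records into resolved sign-ins and a tally of unresolved reasons."""
    resolved, reasons = [], Counter()
    for rec in records:
        reason = classify(rec)
        if reason is None:
            resolved.append(rec)
        else:
            reasons[reason] += 1
    return resolved, reasons

# Constructed sample records (not real tenant data).
SAMPLE = [
    {"userPrincipalName": "alice@contoso.example", "status": {"errorCode": 0}},
    {"userPrincipalName": "3f2b8c1e-7a4d-4e9b-9c1a-5d6e7f8a9b0c", "status": {"errorCode": 50058}},
    {"userPrincipalName": "00000000-0000-0000-0000-000000000000"},
    {"userPrincipalName": "9A1C2D3E-4F50-4A6B-8C7D-0E1F2A3B4C5D", "status": {"errorCode": 50074}},
    {"userPrincipalName": "5b6c7d8e-9f01-4a2b-8c3d-4e5f6a7b8c9d", "status": {"errorCode": 500121}},
]

if __name__ == "__main__":
    kept, tally = partition(SAMPLE)
    print(f"{len(kept)} resolved record(s) kept for analysis")
    for reason, count in tally.most_common():
        print(f"{count}  {reason}")
```

Records tagged with 50074 are the ones the answer says may show the correct user after aggregation, so re-exporting them later can move them into the resolved set.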
