Mar 06 2024 12:20 AM
Hello there,
While creating alerts for group membership update using AzureDevOpsAuditing table in Sentinel, we observed logs for user addition/removal from certain groups where ActorDisplayName displays "Azure DevOps Service". I believe this is a service and not a username/account.
On checking with the team doing these changes, they confirmed they haven't done such activity wherever displayname is this account. In what cases will the DisplayName be captured as "Azure DevOps Service"?
Mar 06 2024 01:10 AM
Mar 06 2024 01:21 AM
Mar 06 2024 03:06 AM