A user agent is a computer program representing a person, for example, a browser in a Web context.
Besides a browser, a user agent could be a bot scraping webpages, a download manager, or another app accessing the Web. Along with each request they make to the server, browsers include a self-identifying User-Agent HTTP header called a user agent (UA) string. This string often identifies the browser, its version number, and its host operating system.
Spam bots, download managers, and some browsers often send a fake UA string to announce themselves as a different client. This is known as user agent spoofing.
A typical user agent string looks like this: "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:35.0) Gecko/20100101 Firefox/35.0".
In addition, could you also provide us with some more detailed information about Delve may be but it should not be using my account ”? Thanks for your feedback, it helps us improve the site.
In reply to Allan Lu MSFT's post on September 20, 2016, Yes obviously I didn't open any of the documents through Office Online or app launcher or any other means, but they are still in the Audit logs hence the concern. I noticed on my Delve profile that some docs in the audit logs are shown as “Popular Documents” which others in the company are working on but I did not click on them or access them.
If Delve is accessing them on my behalf it should use a system account, and they shouldn't show up as accessed by my account in the Audit logs. Having so much spurious content in the audit logs defeats the purpose of auditing.
BTW I also tried to change my password and within a few seconds the Audit log was full of entries about my account accessing documents that I'm not even aware of exist. So its definitely some Microsoft process doing something unexpected in the back.
Thanks for your feedback, it helps us improve the site. User's post on January 12, 2017, The user agent in the audit log is provided by the client or browser.
When a file in the SharePoint Online site or your OneDrive for Business is opened in the browser with your account, you may see the user agent : MS WAC. You may edit or open a file in the browser with your Office 365 work or school account, and then get the audit logs to see the details.
Replied on January 13, 2017In reply to Felix Tao MSFT's post on January 13, 2017, That is helpful, but the concern is the log showing several occurrences of Accessed File (with a Microsoft IP address) and FilePreview (with my own IP address) by my user ID, all with the same date and time. I did not perform these actions.
Is there some background process or something I may have clicked that creates these events? Thanks for your feedback, it helps us improve the site.
In reply to Felix Tao MSFT's post on January 13, 2017 “Felix Tao MSFT” if you review the thread you will see that it has been clarified multiple times that I (user whose account shows in the log) did not access or open the files reported in the logs in any way. It is most likely a Delve bug where it basically determines files I may be interested in and shows them on the Delve page, and they end up in the logs WITHOUT my opening them.
Thanks for your feedback, it helps us improve the site. In reply to RahulKapoor's post on January 13, 2017, We need your tenant information, so we can involve the related team to look into this.
The following illustration shows the typical resulting dialog box from Internet Explorer 8 running on Windows 7. Based on the reported version of the browser, the client-side or server-side programming logic takes a different action.
Office 365 Peoples is being renamed to Microsoft 365 Apps for enterprise. When you pull the unified audit log from the Office 365 Security & Compliance Center for successful or failed sign-i, you see the following value for the Sergeant property.
In this particular case, it indicates that you use a legacy protocol such as POP or IMAP to access your mailbox. Basic authentication in Exchange Online accepts a username and a password for client access requests.
It's easy to search the millions of user agents we've got with the API. We've had to do this because otherwise we get constantly overrun by inconsiderate or malfunctioning bots which overload the system.
As such, we're forced to block traffic from popular web hosting companies, VPNs and Proxies, we also rate limit requests and have some other checks too. If you need to get access to the listings of user agents you can either get them in an easy-to-use database download or via the API.
Rv: gecko version indicates the release version of Gecko (such as 17.0 “). The Chrome (or Chromium/Blink-based engines) user agent string is similar to Firefox’s.
For compatibility, it adds strings like HTML, like Gecko and Safari. The Opera browser is also based on the Blink engine, which is why it almost looks the same, but adds “Or/
In this example, the user agent string is mobile Safari’s version. I exported the audit report of SharePoint Online and checked which device the user was logged in with, I found two unknown devices.
I want to know What kind of device that the user had used for accessing Office 365 according to the below two parameters in audit log. Sergeant strings come in all shapes and sizes, and the number of unique user agents is growing all the time.
If you need to integrate the user agent parser directly into your website or system then it's very simple to use the API. This will let you do things like advanced filtering and searching, identify trends in user agents, perform statistical analysis and other interesting applications.