Elastic Windows Event Explorer


Publisher - Microsoft-Windows-User Device Registration

Event ID 109

Message:

The NGC user ID key was successfully created. 
User SID: %{UserSid} 
IDP domain: %{IdpDomain} 
Tenant domain: %{TenantDomain} 
User ID: %{UserId} 
Flags: %{Flags}

Event Data:

# Name In Type
Out Type
1 UserSid win:UnicodeString xs:string
2 IdpDomain win:UnicodeString xs:string
3 TenantDomain win:UnicodeString xs:string
4 UserId win:UnicodeString xs:string
5 Flags win:UInt32 xs:unsignedInt

Observed Windows Versions:

Version: 0

Fingerprint: 5S3OZSF4H3DO6