I've seen multiple occurences in the Azure signin logs where
user.name was not populated. Those documents always have an
"field [message] already exists".
This seem like a bug.. The message field in those documents apparently has the same value as the filed
azure.signinlogs.result_description, for example
"Users' needs to enroll for second factor authentication (interactive)."
Sounds like a bug in the pipeline to me, ok if I make a GH issue?