What the hell is user: app@sharepoint ?

I am working as a cybersecurity analyst, and in our SIEM (Security Information and Event Management) system, I can see the user/account 'app@sharepoint' performing different actions (read, delete, modify, etc.). I know it is called a service account, but what is the purpose of it? The biggest question about it is that when I look into the IPs, I can see it making connections from Microsoft IPs sometimes, but other times it is performing activities from our users' computers. As …

account actions analyst app called cybersecurity cybersecurity analyst delete etc event event management information management performing purpose question security service sharepoint siem system what is working