Forum Discussion
Adrian Hyde
Apr 10, 2018Steel Contributor
Elevation of Exchange admin privilege Alerts
Does anyone else get these alerts? From what I have been able to gather thus far, this BOXServiceAccount is used by Microsoft for management of the mailboxes and exchange servers. What I haven't figured out is whether I should be concerned about these or what it means for our security footprint.
A low-severity alert has been triggered
Elevation of Exchange admin privilege
Severity: — Low
Time: 4/10/2018 1:26:11 PM (UTC)
Activity: GrantAdminPermission
User: BOXServiceAccount@namprd05.prod.outlook.com
Details: GrantAdminPermission. This alert is triggered whenever someone in your organization becomes an admin or gets new admin permissions.
- I opened a support case, and was basically told it was safe to ignore since it is a back-end process. Unfortunately no additional details.
- Saurav_JhaCopper Contributor
Do you get any ideas about this at that time?
I already configured this privilege?
Severity Low
Time Nov 12, 2019 12:15:00 PMActivity Granted Exchange admin permissionActivity count 1DetailsThis alert is triggered when someone in your organization becomes an Exchange admin or gets new Exchange admin permissions -V1.0.0.1By the time this alert was triggered,email is hidden performed Granted Exchange admin permission 1 time - Deleted
Your answer is here: https://support.microsoft.com/en-us/help/4039823/boxserviceaccount-is-added-to-a-role-in-office-365-alerts
Regards
It looks like some server workflow, I'm almost certain we should not be getting such events. Reports it on the UPP network?
- Adrian HydeSteel ContributorI opened a support case, and was basically told it was safe to ignore since it is a back-end process. Unfortunately no additional details.