Forum Discussion

Princely's avatar
Princely
Copper Contributor
Aug 25, 2021

Unusual user names being granted full access to mailboxes in OfficeActivity logs

We are seeing logs in the 'OfficeActivity' table in Sentinel with usernames of the type 'NAMPRXXXXX\\$XXX-XXX' being granted full access permissions to mailboxes by admin users. This is not a valid username we are able to identify. 
I tried searching for these 'NAMPRXXXXX\\$XXX-XXX' usernames in  'OfficeActivity' table for the past 60 days with no other results. I am guessing these usernames are being generated dynamically. Is it possible to get more information on what these 'NAMPRXXXXX\\$XXX-XXX' usernames are and if they correspond to a valid user account ?  

Resources