Forum Discussion
Princely
Aug 25, 2021Copper Contributor
Unusual user names being granted full access to mailboxes in OfficeActivity logs
We are seeing logs in the 'OfficeActivity' table in Sentinel with usernames of the type 'NAMPRXXXXX\\$XXX-XXX' being granted full access permissions to mailboxes by admin users. This is not a valid username we are able to identify.
I tried searching for these 'NAMPRXXXXX\\$XXX-XXX' usernames in 'OfficeActivity' table for the past 60 days with no other results. I am guessing these usernames are being generated dynamically. Is it possible to get more information on what these 'NAMPRXXXXX\\$XXX-XXX' usernames are and if they correspond to a valid user account ?
- Those are "internal" groups/accounts, you can ignore them.
- Those are "internal" groups/accounts, you can ignore them.