Elevation of Exchange admin privilege Alerts

Adrian Hyde
Regular Contributor

Does anyone else get these alerts?  From what I have been able to gather thus far, this BOXServiceAccount is used by Microsoft for management of the mailboxes and exchange servers.  What I haven't figured out is whether I should be concerned about these or what it means for our security footprint.


A low-severity alert has been triggered

Elevation of Exchange admin privilege

Severity: — Low

Time: 4/10/2018 1:26:11 PM (UTC)

Activity: GrantAdminPermission


Details: GrantAdminPermission. This alert is triggered whenever someone in your organization becomes an admin or gets new admin permissions.

3 Replies

It looks like some server workflow, I'm almost certain we should not be getting such events. Reports it on the UPP network?

I opened a support case, and was basically told it was safe to ignore since it is a back-end process. Unfortunately no additional details.