Aug 25 2021 01:20 PM
We are seeing logs in the 'OfficeActivity' table in Sentinel with usernames of the type 'NAMPRXXXXX\\$XXX-XXX' being granted full access permissions to mailboxes by admin users. This is not a valid username we are able to identify.
I tried searching for these 'NAMPRXXXXX\\$XXX-XXX' usernames in 'OfficeActivity' table for the past 60 days with no other results. I am guessing these usernames are being generated dynamically. Is it possible to get more information on what these 'NAMPRXXXXX\\$XXX-XXX' usernames are and if they correspond to a valid user account ?
Aug 25 2021 11:31 PM
SolutionAug 25 2021 11:31 PM
Solution