Microsoft Secure Tech Accelerator
Apr 03 2024, 07:00 AM - 11:00 AM (PDT)
Microsoft Tech Community
SOLVED

Unusual user names being granted full access to mailboxes in OfficeActivity logs

Copper Contributor

We are seeing logs in the 'OfficeActivity' table in Sentinel with usernames of the type 'NAMPRXXXXX\\$XXX-XXX' being granted full access permissions to mailboxes by admin users. This is not a valid username we are able to identify. 
I tried searching for these 'NAMPRXXXXX\\$XXX-XXX' usernames in  'OfficeActivity' table for the past 60 days with no other results. I am guessing these usernames are being generated dynamically. Is it possible to get more information on what these 'NAMPRXXXXX\\$XXX-XXX' usernames are and if they correspond to a valid user account ?  

1 Reply
best response confirmed by Trevor_Rusher (Community Manager)
Solution
Those are "internal" groups/accounts, you can ignore them.
1 best response

Accepted Solutions
best response confirmed by Trevor_Rusher (Community Manager)
Solution
Those are "internal" groups/accounts, you can ignore them.

View solution in original post