Unusual user names being granted full access to mailboxes in OfficeActivity logs

Occasional Contributor

We are seeing logs in the 'OfficeActivity' table in Sentinel with usernames of the type 'NAMPRXXXXX\\$XXX-XXX' being granted full access permissions to mailboxes by admin users. This is not a valid username we are able to identify. 
I tried searching for these 'NAMPRXXXXX\\$XXX-XXX' usernames in  'OfficeActivity' table for the past 60 days with no other results. I am guessing these usernames are being generated dynamically. Is it possible to get more information on what these 'NAMPRXXXXX\\$XXX-XXX' usernames are and if they correspond to a valid user account ?  

1 Reply
best response confirmed by Trevor_Rusher (Community Manager)
Those are "internal" groups/accounts, you can ignore them.