BOXServiceAccount is added to a role in Office 365 alerts


Office 365 ProPlus is being renamed to Microsoft 365 Apps for enterprise. For more information about this change, read this blog post.


You receive Microsoft Office 365 security alerts (configured in the Security Compliance Center) that state that the BOXServiceAccount is added to a role.

This is an example of such an alert: is added to DomainName.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/ name.


This is by design.


After a tenant administrator assigns an Exchange administrator, Skype for Business administrator, or SharePoint administrator role to a user in the Office 365 portal, the Office 365 portal uses a built-in account (BOXServiceAccount) to add the user to the View-Only Organization Management Role Based Access Control (RBAC) group.

To see the actual audit log, you can either use Search similar activities in the Office 365 alert detail activity list view or do a free-text search for "BOXServiceAccount" directly from the Audit log search page.

More information

Still need help? Go to Microsoft Community.