The O365 backup runs with a service account that has extensive privileges to all O365 mailboxes. That's understandable. But what I think is most scary is that anyone who can log on to the server running the O365 backup can thus open a backup of any mailbox. This makes anyone who has access a potential suspect in a data leak situation. I can see in the logs that it states that the backup was opened, but not by whom or what was restored.
For my company, if the console would ask for the password of the service account each time it was opened, that would make it possible to audit who made a lookup for the password. And of course, if the O365 backup log would note which user opened the console and what data was restored, that would also be great.
What do you think?