Office 365 securlet may list activity performed by the user app@sharepoint instead of the user that performed the action.
The action will show in DLP as having No Name for the user when reported in CASB as app@sharepoint.
The app@sharepoint user is a service user used by Sharepoint. If the user that performed an activity does not have a valid license for Sharepoint, then CASB cannot sync the subscription for that user into CloudSOC.
Verify users in CloudSOC have a license in Office 365 for Sharepoint