Microsoft Office 365 allows administrators to access full activities and security logs for all activities that happen in your Office 365 subscription. Unfortunately, these logs are not enabled for you by default. That means if there is a security incident - like an email inbox being accessed by an attacker - you will not have any logs to search on.
Fortunately, this is easy to address:
- Log in to your admin panel of your Office 365 Account
- Go to "Security & Compliance", under "Admin Centers" on the left-hand admin bar
- Select "Audit Log Search" under "Search & Investigation" on the left-hand admin bar of the Security & Compliance screen
- Enable the Audit Logs by clicking the link on the top of the resulting search screen. If you have no "enable" link, Audit Logging is already configured.
After you enable audit logging you will be able to search for all activity that has occurred in your Office 365 subscription from that point further. Unfortunately no audit log data will be available for time periods before you enable this feature.