With the ever-increasing number of services and features in Office 365, keeping up with all the changes can be a challenge. Keeping an eye on all the different ways a user can do harm, either willingly or by mistake, is not an easy task, either.
While the on-premises versions of Exchange and SharePoint do offer some form of auditing, many organizations were surprised to find out that things were quite different after their move to the cloud. There was barely any auditing in the beginning, even for tasks performed by administrators, and in other areas it was very limited. (For example, until recently, auditing owner actions was not possible in Exchange Online). It took several years for Microsoft to address those issues, but now we have a role-based, searchable, exportable, unified log across (almost) all Office 365 workloads and operations, as well as the corresponding APIs. In case you are not familiar with the unified audit log, this article is a good starting point.