Starting February 1, Microsoft will add auditing to track mail reads by default. This has long been a key request from forensic investigators to assist in mail investigations. If you find that auditing is not enabled, enable it as soon as possible. Once you have enabled the auditing, it takes a few hours before its active. Admins must have rights assigned to review audit logs in the Exchange Admin Center. You can also set up alerts for activity in this area as well.”]
Source: https://www.csoonline.com/article/3333004/how-to-enable-audit-logs-in-microsoft-office-365.html