Microsoft has released information on its Advanced Audit techniques used in its Microsoft 365 platform. Microsoft has exposed the MailItemsAccessed event that can help you determine if an attacker gained access to sensitive information and the extent of the breach. Microsoft 365 allows firms to retain audit logs in all Exchange, SharePoint and Azure Active Directory audit records for one year with the ability to increase that audit log retention for 10 years with a license add-on. If an attacker merely gained. access to email messages, the MailItems Accessed event will be triggered even if there is no overt evidence that the attacker read the email.”]
Source: https://www.csoonline.com/article/3608270/microsoft-365-advanced-audit-what-you-need-to-know.html