Exchange Online sends its mailbox audit records to the Office 365 audit log. You can search the log to discover who deleted messages from mailboxes, normally only an issue when delegates are involved.
A demo to show how easy it is to use PowerShell to manage Office 365 Groups and Teams was progressing nicely at the UK Evolve conference when a problem happened with code that used to run perfectly. Sounds like a normal programming situation, but in this case, Microsoft had changed the format of Office 365 audit records for Azure Active Directory operations. That’s not so good. What’s worse is that some essential data is now missing from the audit records.
Records featuring an account called BOXServiceAccount appear in the Office 365 audit log. Not much information is available about the account, but it’s all OK because it’s used to assign administrative roles to Office 365 accounts.
Office 365 tenant administrators can use different ways to access user data. Shouldn’t you have a policy to govern that access?