Monitoring unified audit logs

The unified audit log (protection.office.com/unifiedauditlog) is where users with the Exchange Online View-Only Audit Logs or Audit Logs role (granted by default to users with the Compliance Management, Organization Management, or Global admin roles) can view and search activity logs collected across Microsoft 365:

  1. Go to Audit Logs (Office 365 Security & Compliance | Search | Audit log search).
  2. Select Activities (there are around 500 to choose from).
  3. Select the beginning and end dates and times to include.
  4. Select Users or leave it blank for all users.
  5. If you are narrowing to a specific filename or folders with a keyword, you can enter that.
  6. Click Search to return results, or you can use your configured search to create an alert policy.
  7. If you run a search, you can then filter results further by any of the column headers or export the results as a CSV file.

As you can see, it's easy to get custom reports and find exact details for certain events, and, with the alert policy option, we can make sure we're notified instead of needing to comb over the report regularly.
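The filters from steps 2 to 5 can also be applied offline to a CSV exported in the last step. The following is an added example, not code from the book; it assumes the export carries CreationDate, UserIds, Operations and AuditData (JSON) columns, and `search_export` and the sample rows are constructed for illustration.

```python
import csv
import io
import json
from datetime import datetime

# Constructed sample export (not real tenant data). Assumed columns:
# CreationDate, UserIds, Operations, AuditData (a JSON string per row).
SAMPLE_CSV = '''CreationDate,UserIds,Operations,AuditData
2021-03-01T09:15:02.0000000Z,alice@contoso.example,FileDownloaded,"{""ClientIP"":""203.0.113.10"",""ObjectId"":""https://contoso.example/sites/hr/payroll.xlsx""}"
2021-03-01T22:40:11.0000000Z,bob@contoso.example,FileDownloaded,"{""ClientIP"":""198.51.100.7"",""ObjectId"":""https://contoso.example/sites/hr/payroll.xlsx""}"
2021-03-02T08:01:45.0000000Z,bob@contoso.example,UserLoggedIn,"{""ClientIP"":""198.51.100.7"",""ObjectId"":""Unknown""}"
2021-03-03T10:00:00.0000000Z,alice@contoso.example,FileDeleted,"{""ClientIP"":""203.0.113.10"",""Obje"
'''

def search_export(csv_text, activities=None, start=None, end=None,
                  users=None, keyword=None):
    """Apply the portal's filters (activities, dates, users, keyword) to an export."""
    wanted_users = {u.lower() for u in users} if users else None
    hits = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        # Timestamps carry 7 fractional digits; keep second precision only.
        when = datetime.strptime(row["CreationDate"][:19], "%Y-%m-%dT%H:%M:%S")
        try:
            detail = json.loads(row["AuditData"])
        except (json.JSONDecodeError, TypeError):
            detail = {}  # e.g. a cell truncated by a spreadsheet editor
        if not isinstance(detail, dict):
            detail = {}
        obj = str(detail.get("ObjectId") or "")
        if activities and row["Operations"] not in activities:
            continue
        if (start and when < start) or (end and when > end):
            continue
        if wanted_users and row["UserIds"].lower() not in wanted_users:
            continue
        if keyword and keyword.lower() not in obj.lower():
            continue
        hits.append({"time": when, "user": row["UserIds"],
                     "operation": row["Operations"], "object": obj,
                     "client_ip": detail.get("ClientIP")})
    return hits

if __name__ == "__main__":
    for hit in search_export(SAMPLE_CSV, activities={"FileDownloaded"},
                             keyword="payroll"):
        print(hit["time"], hit["user"], hit["client_ip"], hit["object"])
```

Rows whose AuditData cell fails to parse are kept with empty details, so they still match activity, date and user filters but never a keyword filter.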

In the last section, let's take a brief look at the audit and sign-in logs provided by Azure AD.
