After you enable Advanced Security Management and set up alerts in Office 365, learn what's happening in your Office 365 environment by looking over and investigating activities and accounts in the Activity log.
Reviewing the information in your organization while keeping the following questions in mind can help you decide if you can take any additional steps to help protect your organization from risk. You'll review this information in Advanced Security Management in the Security & Compliance Center.
In the Security and Compliance Center, chooseAlerts > Manage advanced alerts. Click Activity log and review activities for the following information.
Who is accessing your Office 365 environment?
What are the IP ranges from which people are accessing your environment?
What is the admin activity?
From what locations are admins connecting?
Are failed logins coming from expected IP addresses?
Advanced Security Management (help and how-to)
Opt-in steps for Advanced Security Management
Create activity policies and alerts in Advanced Security Management
Create anomaly detection policies in Advanced Security Management