Hi @Mohammed Hashim ,
The administrator's activities can be found in EAC(Click “compliance management- auditing”).
While we prefer to use the more powerful EMS to search the logs In general.
We can use the cmdlet search-adminauditlog in Exchange Management Shell to search for the events.
Below is an example:
Disable the mailbox named 16user01:
Search the cmdlets for disable-mailbox:
Mailbox audit logging can record user actions (for example, accessing, moving or deleting information) that are specified in the login type (administrator, authorised user or owner). If mailbox audit logging isn't enabled(by default it is not enabled) for a mailbox, you won't get any results for it when you search related logs.
Below is an example:
Enable mailbox audit logging for liang01:
Search mailbox audit log and it returns the events that show the administrator accessed liang01's mailbox and sent email:
If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
1: https://learn.microsoft.com/en-us/answers/articles/67444/email-notifications.html