Auditing reports in standalone EOP
In standalone Exchange Online Protection (EOP) organizations without Exchange Online mailboxes, auditing reports can help you meet regulatory, compliance, and litigation requirements for your organization. You can obtain auditing reports at any time to determine the changes that have been made to your EOP configuration. These reports can help you troubleshoot configuration issues or find the cause of security-related or compliance-related problems.
There are two auditing reports available in standalone EOP in the Exchange admin center (EAC):
Administrator role group report: The administrator role group report lets you view when a user is added to or removed from membership in an administrator role group. You can use this report to monitor changes to the administrative permissions assigned to users in your organization. For more information, see Search the role group changes or administrator audit logs in Exchange Online.
Admin audit log: The admin audit log records any action (based on standalone EOP PowerShell cmdlets) by an admin or a user with administrative privileges. For more information, see View the admin audit log in Exchange Online.