Re-enable the Exchange Online Activities API (Magic Unicorn)
Please re-enable the Exchange Online Activities API that allows for forensic investigation of Business E-mail Compromise incidents.
Business E-mail Compromise is a very serious and active threat for all organizations. By default, Office 365 provides very little auditing capability to investigate this type of incident. Exchange Online mailbox auditing must be proactively enabled by the customer before the breach if they wish to get this level of auditing data.
On June 18, 2018 it was publicly discovered that Microsoft does maintain this audit data even without the customer enabling it. It was available to all Office 365 customers via this API until Microsoft disabled access on July 6, 2018.
Please re-enable access to this API and stop withholding essential audit data from your customers.