These audit & monitoring controls for this cloud based implementation of Microsoft OFFICE are excellent. 

Resisting Business Email Compromise Attacks on Office 365 Users

Administrators can create activity alerts or alert policies in the Security and Compliance Center to look for specific events in the Office 365 audit log and warn when these events happen. Although the alerts can only sound after an event occurs, it is still useful to know when something happens.

Office 365 is a complex suite of applications and its management is complex too (something that Microsoft could improve), but there’s lots of ways to use the data already available to you to resist the kind of attacks contemplated in the recent revelations. Remember, being proactive is always better than being reactive when it comes to security.

Some key security/privacy defense strategies

1. Be Proactive Rather than Reactive
2. Use multi-factor authentication (MFA) for user accounts
3. Make sure that auditing is enabled for all mailboxes
4. Stop email forwarding outside the organization
5. Review failed login attempts
6. Check when accounts log in from unfamiliar countries
7. Use Activity Alerts or Alert Policies to Report Audit Events
8. Use Azure Information Protection to encrypt communications
9. Stay Calm and Stay Focused by being Pro-active