New Admin account activity seen in O365, not seen before
This will help you discover any new admin account activity which was seen and were not seen historically. Any new accounts seen in the results can be validated and investigated for any suspicious activities.
Source: Github - Microsoft
Elevation of Priviledge
MITRE ATT&CK Tactics
Approve operational change
Review identified AD account and validate the if this is a permitted action in your organization.