Office 365 and all related services have various forms of auditing options, it’s a pain to monitor and configure them all.
A while back, Microsoft unified these auditing logs into the Unified Audit Log. The Unified Audit Log for Office 365 is super easy to configure.
For all my customers I always enable this free feature, it is pretty much the only way you can have a RPO of 0 when you need to undo changes / deletes or restore data, and gives you a very nice and compliant audit log of everything your users and admins do in your environment.
In addition, it allows me to help you automatically reverse nasty CryptoLocker actions like mass file and folder renames and restore previous versions in bulk.
edit: you can also enable the audit log programatically