Content Search and eDiscovery-related activities that are performed in Office 365 Security & Compliance Center or by running the corresponding Windows PowerShell cmdlets are logged in the Office 365 audit log. This includes the following activities:

  • Creating and managing eDiscovery cases

  • Creating, starting, and editing Content Searches

  • Performing Content Search actions, such as previewing, exporting, and deleting search results

  • Configuring permissions filtering for Content Search

  • Managing the eDiscovery Administrator role