
Summary
This detection rule identifies instances where a user with administrator privileges accesses email messages through the Office 365 Security and Compliance Center. The Threat Explorer premium feature lets an adversary who has obtained privileged access enumerate or exfiltrate sensitive email content. The rule relies on the O365 Universal Audit Log to track the relevant activity, specifically the operations recorded when an administrator accesses a mailbox. The analysis aggregates the accessed categories, user identifiers, and timestamps so that suspicious access patterns indicating misuse of admin permissions can be monitored. Organizations should ensure that only authorized personnel are granted access to this premium feature in order to prevent potential data breaches.
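The aggregation the rule performs can be illustrated on a handful of audit records. The following is an added example, not the detection rule's own query or any vendor code: it parses constructed O365 Unified Audit Log records, keeps only the events where an administrator accessed mail through the Security and Compliance Center, and aggregates per user the categories touched, the event count, and the first and last timestamps. The operation name `AdminMailAccess`, the workload name `SecurityComplianceCenter`, and the `Category` field are assumptions about how Threat Explorer mail access is recorded; check them against the audit schema in your tenant before relying on them.

```python
import json
from collections import defaultdict
from datetime import datetime

# Constructed sample of Unified Audit Log records, one JSON object per line.
# The Operation/Workload values and the Category field are assumptions for
# this example; the remaining field names follow the common UAL schema.
SAMPLE_RECORDS = [
    '{"CreationTime":"2024-11-14T09:02:11","Operation":"AdminMailAccess","Workload":"SecurityComplianceCenter","UserId":"admin@contoso.example","Category":"Phishing"}',
    '{"CreationTime":"2024-11-14T09:03:27","Operation":"AdminMailAccess","Workload":"SecurityComplianceCenter","UserId":"admin@contoso.example","Category":"Malware"}',
    '{"CreationTime":"2024-11-14T09:04:02","Operation":"SearchStarted","Workload":"SecurityComplianceCenter","UserId":"admin@contoso.example"}',
    '{"CreationTime":"2024-11-14T09:05:40","Operation":"AdminMailAccess","Workload":"SecurityComplianceCenter","UserId":"admin@contoso.example","Category":"Phishing"}',
    '{"CreationTime":"2024-11-14T10:15:00","Operation":"AdminMailAccess","Workload":"SecurityComplianceCenter","UserId":"analyst@contoso.example","Category":"Spam"}',
    '{"CreationTime":"2024-11-14T10:20:00","Operation":"MailItemsAccessed","Workload":"Exchange","UserId":"user@contoso.example"}',
    'this line is not valid JSON and must be skipped',
]


def parse_records(raw_lines):
    """Parse newline-delimited JSON audit records, skipping malformed lines."""
    records = []
    for line in raw_lines:
        try:
            records.append(json.loads(line))
        except json.JSONDecodeError:
            continue  # a broken line should not abort the whole search
    return records


def admin_mail_access_summary(records, operation="AdminMailAccess",
                              workload="SecurityComplianceCenter"):
    """Aggregate admin mail-access events per user.

    Returns {user_id: {"count": int, "categories": set, "first": str, "last": str}}
    covering only events whose Workload and Operation match the filter.
    """
    per_user = defaultdict(lambda: {"count": 0, "categories": set(),
                                    "first": None, "last": None})
    for rec in records:
        if rec.get("Workload") != workload or rec.get("Operation") != operation:
            continue  # unrelated activity (searches, normal mailbox use, ...)
        ts = datetime.fromisoformat(rec["CreationTime"])
        entry = per_user[rec.get("UserId", "<unknown>")]
        entry["count"] += 1
        if rec.get("Category"):
            entry["categories"].add(rec["Category"])
        if entry["first"] is None or ts < entry["first"]:
            entry["first"] = ts
        if entry["last"] is None or ts > entry["last"]:
            entry["last"] = ts
    # Render timestamps as ISO strings so the result is easy to export or assert on.
    return {
        user: {"count": e["count"], "categories": e["categories"],
               "first": e["first"].isoformat(), "last": e["last"].isoformat()}
        for user, e in per_user.items()
    }


def flag_bulk_access(summary, threshold=3):
    """Return users whose access count meets the threshold (a tunable cut-off)."""
    return sorted(user for user, e in summary.items() if e["count"] >= threshold)


if __name__ == "__main__":
    summary = admin_mail_access_summary(parse_records(SAMPLE_RECORDS))
    for user, e in sorted(summary.items()):
        print(f"{user}: {e['count']} access events, categories={sorted(e['categories'])}, "
              f"{e['first']} .. {e['last']}")
    print("flagged:", flag_bulk_access(summary))
```

The threshold in `flag_bulk_access` is where tuning happens in practice: a security analyst previewing a single reported message is expected, while one account paging through many messages across categories in a short window is the pattern worth investigating.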
Categories
- Cloud
- Infrastructure
- Application
- Identity Management
Data Sources
- Pod
- User Account
- Cloud Service
- Application Log
ATT&CK Techniques
- T1567
- T1114
- T1114.002
- T1566
Created: 2024-11-14