Useful guide to monitoring O365 infrastructure

https://medium.com/falconforce/reducing-your-office-365-attack-surface-99830a654d0

CISA's guide to "Detecting Post-Compromise Threat Activity in Microsoft Cloud Environments"

https://us-cert.cisa.gov/ncas/alerts/aa21-008a

A handy guide to the hideous mess that is O365 logging

https://thecloudtechnologist.com/2021/10/15/everything-you-wanted-to-know-about-security-and-audit-logging-in-office-365

Detecting the Golden SAML attack

https://www.inversecos.com/2021/09/backdooring-office-365-and-active.html