To audit Office 365 user’s all successful and failed logon attempts, PowerShell is the best solution. Even if you use filters to get failed login attempts, you can’t export those failed login attempts alone.
It won’t track failed Office 365 user’s login attempts. But in the Security and Compliance Center, you can get a history of successful login attempts alone. To get Office 365 User logon history, you can use either Office 365 Security and Compliance or PowerShell.
Tracking Office 365 user’s login activities is a crucial one in detecting potential security breaches and suspicious behavior. Logons are the one common activity in most attack patterns.