I am in the prosses of starting to work to move to Exchange Online from Exchange 2016. As a part of that, we have 2 Licenses types that we have purchased E3 and F3. I am working to figure out what license users/roles should be assigned. One of the data points I would like to review is who is accessing their mailbox via the Outlook Client.  The MAPIHttp log looks to have that info. I am wondering if there is any public documentation on the logfile and what's all captured. The field I am really interested in is the Operations field.  I am hoping that the Operation of OwnerLogon* is an indication of a user being authenticated but would like more details as i see there can be back to back auths with different LogonIDs.
Thanks in advance.