We have just enabled streaming of Azure Active Directory audit logs into Advanced Hunting, already available for all customers in public preview.
These logs provide traceability for all changes done by various features within Azure AD. Examples of audit logs include changes made to any resources within Azure AD like adding or removing users, apps, groups, roles and policies.
At the moment, the data ingestion has a dependency on MCAS, so customers that have MCAS with the Office365 connector connected will be able to see this data. Our intent is to expand availability to more Microsoft 365 Defender customers going forward.