Microsoft Entra sign-in logs show you who logs on to your Office 365 / graph.microsoft.com account. graph.microsoft.com is the heart of your online applications. If a hacker generates an AI-generated authorization / access token, they might get in. Once they are in, they can add a device and use Microsoft PowerShell to connect to graph.microsoft.com. There they can read your emails, create email rules and send out emails to your contacts. By creating Conditional Access rules in Microsoft Entra you can protect yourself. You can add a geographical fence, or you can allow adding new devices only when the user has a given IP address.
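To see what those two rules would catch before enforcing them, exported sign-in log records can be checked against the same fence. This is an added example, not code from Microsoft or from the original post; the field names follow the Microsoft Graph `signIn` resource. The country, IP range, display names and sample records are assumptions constructed for illustration.

```python
import ipaddress

# Assumed policy values for this example (placeholders, not from the page).
ALLOWED_COUNTRIES = {"NL"}                                      # geographical fence
DEVICE_REG_NETWORKS = [ipaddress.ip_network("203.0.113.0/24")]  # approved office range
# Display names assumed to match the tenant's logs; verify against your own export.
DEVICE_REG_RESOURCE = "Device Registration Service"
GRAPH_CLI_APPS = {"Microsoft Graph Command Line Tools", "Microsoft Graph PowerShell"}

# Constructed sample records, using field names of the Microsoft Graph signIn resource.
SAMPLE_SIGNINS = [
    {"userPrincipalName": "alice@example.com", "ipAddress": "203.0.113.10",
     "location": {"countryOrRegion": "NL"}, "appDisplayName": "Outlook",
     "resourceDisplayName": "Microsoft Graph", "status": {"errorCode": 0}},
    {"userPrincipalName": "alice@example.com", "ipAddress": "198.51.100.7",
     "location": {"countryOrRegion": "NL"}, "appDisplayName": "Microsoft Authentication Broker",
     "resourceDisplayName": "Device Registration Service", "status": {"errorCode": 0}},
    {"userPrincipalName": "alice@example.com", "ipAddress": "192.0.2.44",
     "location": {"countryOrRegion": "BR"}, "appDisplayName": "Microsoft Graph Command Line Tools",
     "resourceDisplayName": "Microsoft Graph", "status": {"errorCode": 0}},
]


def review_signin(rec):
    """Return the names of the rules this sign-in record breaks."""
    findings = []
    country = (rec.get("location") or {}).get("countryOrRegion") or "unknown"
    if country not in ALLOWED_COUNTRIES:
        findings.append("outside-geofence")
    if rec.get("resourceDisplayName") == DEVICE_REG_RESOURCE:
        try:
            ip = ipaddress.ip_address(rec.get("ipAddress", ""))
            approved = any(ip in net for net in DEVICE_REG_NETWORKS)
        except ValueError:  # missing or malformed address counts as unapproved
            approved = False
        if not approved:
            findings.append("device-registration-from-unapproved-ip")
    if rec.get("appDisplayName") in GRAPH_CLI_APPS:
        findings.append("graph-powershell-client")
    return findings


def review(records):
    """Return (user, ip, findings) for every record that breaks a rule."""
    rows = [(r.get("userPrincipalName"), r.get("ipAddress"), review_signin(r)) for r in records]
    return [row for row in rows if row[2]]
```

Records flagged here are the sign-ins a matching Conditional Access policy would have affected, which makes this a useful dry run before switching a policy from report-only to enforced.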
A big thanks to the Microsoft Intrusion Detection Team, you guys are the best!