The Incidents> User Activity > Activities page provides a weekly timeline or location view of the threat activity within your organization. It can be used to monitor the activity of the users within your organization and detect risk trends for the entire organization over time.
You can leverage the Activities view to gain insight into your organization’s use of Microsoft Dynamics 365, breaking down individual usage over activity, time, users, and role development. Additionally, when a specific anomaly has been detected, the activity screen allows an administrator to drill down into all other activities that have occurred around the same time as that activity, or by the same user; this is especially useful in cases of suspected security breaches. Lastly, because your users with administrative access have the greatest access to sensitive data and user information, the activity screen spotlights actions taken by these privileged users. For details, see About Activities.