I have been tasked with scoping the capabilities for mailbox auditing within Office 365. We have had a few email breaches through phishing attempts and wanted to consider turning on auditing for all mailboxes as we move them into the cloud. I see with Office 365 we have the option to turn mailbox auditing on (off by default) on a per mailbox basis and can set the retention period (90 days by default). What are the repercussions (if any) of doing this across the environment for all mailboxes? I know locally we would be limited by resources of our exchange servers, but not sure how that changes in scale once we move them to the cloud. We have ~20000 mailboxes that will end up in our Office 365 instance. I also haven't seen a limit to the retention period that Microsoft allows for the mailbox auditing. Can anyone answer these questions or at least point me in the right direction?