With the correct permission the Threat explorer can be used to view any email in any user his mailbox. Its a very strong security toolt that allows you to "preview" and "download" any email that is still within the mailbox. In the wrong hand (insider threat), this legitemate securit could be easily abused.
You can find these actions in the logs, but Microsoft doesn't provide alerting by default to these actions. You can use the following KQL rules to create your own alerting.