o365 using invalid field values according to ECS

`[0] parsing field value failed: field "event.type"'s value "authentication_failure" is not one of the allowed values (access, admin, allowed, change, connection, creation, deletion, denied, end, error, group, indicator, info, installation, protocol, start, user)`
"authentication_failure" => "access", and use "event.outcome" to indicate the failure.

Part of #3016 