MS Teams Auditing for IT Pros – “Easymode”

I bring you a best practice that we often use in testing environments but can prove valuable in production as well.

The idea is to create an Alert Policy for all (or some) Microsoft Teams operations.

This is great if you want to monitor Microsoft Teams management easy and quickly without having to go through the portal, and Audit Logs. In a quickly searchable manner, within Microsoft Teams.

First of all, we should define the structure we will use for our group and channels for ease of access.

Example:

As you can see, I use 3 isolated channels within 1 single Team, as not to clutter one single channel too much with all operations in it.

First of all, you should get the E-mail addresses for the channel(s) you create for this effect:

Once you have that we can start with creating the actual Alert Policies:

1. Go Through the O365 Portal (https://portal.office.com/)
2. Access Admin -> Admin Centers -> Security & Compliance

3. In the Security & Compliance center go through the options
4. Search & Investigation -> Audit Log Search -> + New alert policy

5. Next we will customize the Alert for our needs
6. Make sure to paste the Channel E-mail address in the recipients.

7. Another important note is the scope of this Alert.
In my example above, I created separate alerts, based on the activity scope, and channels.

You’re all done! All that’s left is to save the policy and wait ~24 hours for it to be applied.

The best thing about these logs is it will de-clutter your mailbox for sure with n need to stress it in case you have a huge company, without the need to set up Exchange Rules, folders for each type of audit, or the need to manually set up a new search.

You can also customize the reports at your will. For example, have a channel for all user changes, another for all groups, other for channels, etc etc… 😊

All the best!

Marco Carampanta