Microsoft Teams and Channel Management: Audit
Microsoft Teams is surging forward in popularity with many organizations. The promises of self-organizing groups, deep integrations with other applications, and, with voice and video calling is definitely worth exploring for customers who are using Office 365.
It’s the self-organizing part that I’d like to look at today, and how that is reflected in audit events in Microsoft Office 365.
Microsoft Teams has the ability to make one or more people administrators of a Team. These people will often not be IT people, they’ll be embedded in the day to day workings of the team. These administrators have the ability to manage the membership of the team and to make other adjustments to the user experience. They can create new channels within the team, rename them and delete them. At the level above that it’s possible for IT administrators to allow the creation of new Teams by people in the organization.
This can be a bit of change or challenge to many IT organizations used to having to create everything for users, groups, and teams of people.
If people in the organization are creating stuff, how do you see what is being created by whom?
Well, you can take a long hard look at audit events. With our Audit & Compliance module they’re pretty easy to digest and understand, and if people are mis-using the creating, option setting, and deleting of Teams and channels then it might be something that you want to educate people about.
Before we dig into looking at the specific events if you want to know about our Audit & Compliance module take a look on our website. There is information on there about how to perform searches against the audit data that is collected, along with videos showing you some use cases. Each of the activities I’ll describe below in relation to Teams can be searched for specifically by the ‘Activity’ drop down list, or you can do more general searches.
Now let’s look at the events that can be generated:
The important things about creating a team are who created it, what name did they give it and when did they do it. This is all neatly contained in the audit event, as can be seen here:
Team deletion is similar:
Channels, within a team, help to separate out the information into, well, ‘thought’ or discussion channels. A single channel team can be quite noisy, especially if there are a lot of team members. You can have many channels in a Team, and you always start with one called General. The channel creation events look like this when I created a channel called ‘Test’ within ‘Team Delta’:
Channel deletion events are very similar:
There are many settings which can be customized by an administrator of a Team, and the level above that, the IT person, can affect what settings are available to administrators of a Team. These are split into different audit events and you can search across one or all of them from our dropdown list:
When settings change, events are recorded that look similar to this:
They have that pattern of ‘the setting which is being changed’ (called ‘name’ in the screenshot), the old value, and the new value. They also have the person that did the change, date and time as you’d expect.
Overall Microsoft has done a great job in providing these auditable activities so that you can check on who is doing what in your Teams organization. You can also see we’ve done a great job in providing quick, easy access to this information in our Audit & Compliance module. In this simple walk through I performed generic searches against the activities, but I could also search for these events generated from activity by one particular person, or everyone except a particular person: there is lots of possibilities inside our product.
Why not sign up for a trial today and see what information is gathered for your organization?