Microsoft Teams provides communication and collaboration tools in one place, which means that users can seamlessly switch between features and applications. Users can store documents, spreadsheets, presentation slides, and many other types of files on their SharePoint and MS Teams sites and they can share any of this content with others inside or outside of the organization in just a few clicks.
This makes working as a team from any location easy and efficient, but it also means that the potential for malicious behavior is increased so it is essential that activity is closely monitored to mitigate any risk. As well as this, most compliance regulations require data access auditing to prove that there is control over sensitive data.
The native Office 365 Unified Audit Log does enable you to report on access events, but its filtering options are so limited that users often have to spend significant amounts of time refining and analyzing access events, which increases the risk that dangerous or malicious activity will go unnoticed.
A solution to this time-consuming and complex process is to use the Lepide Auditor for Office 365. With the Lepide Auditor, you are able to generate the All Modifications in Microsoft Teams Report showing you all MS Teams and SharePoint activity within a specified date range.
Here are two ways to audit data access in MS Teams and SharePoint online and they are described below.
- Audit Data Access in MS Teams and SharePoint Online Using Native Auditing
- Audit Data Access in MS Teams and SharePoint Online Using Lepide Auditor
Audit Data Access in MS Teams and SharePoint Online Using Native Auditing
Open the Office 365 Security & Compliance dashboard.
- Go to Audit
- Click the Search tab
- In the Activities filters, choose File and folder activities
- Click Search
To group the events by the user who was accessing data, you can download the data into a .csv file and sort the data there.
To review the path to the specific document, select the event and click on the Details section:
Audit Data Access in MS Teams and SharePoint Online Using Lepide Auditor
The Lepide Auditor overcomes the complexity of the native method by providing a straightforward way to report on data access in MS Teams and SharePoint Online using the All Modifications in Microsoft Teams and SharePoint Online Reports:
To create this report:
- Click the User & Entity Behavior Analytics
icon and select All Modifications in Microsoft Teams from the Office 365 node. - Select a date range and click Generate Report
- To see further detail about a specific object, click Details and the Details Window will be displayed:
Figure: MS Teams Event Details – Lepide Auditor - The report can be sorted, filtered, grouped, saved, and exported
Similarly, you can run the report for SharePoint Online modifications
In conclusion, you can see that the Lepide Auditor for Office 365 provides a straightforward way to report on MS Teams and SharePoint activity resulting in a comprehensive yet clear-to-understand report.