How to Audit Data Access in MS Teams and SharePoint Online

Download Lepide Office 365 Auditor
x
Or Deploy With Our Virtual Appliance
In This Article

Microsoft Teams provides communication and collaboration tools in one place, which means that users can seamlessly switch between features and applications. Users can store documents, spreadsheets, presentation slides, and many other types of files on their SharePoint and MS Teams sites and they can share any of this content with others inside or outside of the organization in just a few clicks.

This makes working as a team from any location easy and efficient, but it also means that the potential for malicious behavior is increased so it is essential that activity is closely monitored to mitigate any risk. As well as this, most compliance regulations require data access auditing to prove that there is control over sensitive data.

The native Office 365 Unified Audit Log does enable you to report on access events, but its filtering options are so limited that users often have to spend significant amounts of time refining and analyzing access events, which increases the risk that dangerous or malicious activity will go unnoticed.

A solution to this time-consuming and complex process is to use the Lepide Auditor for Office 365. With the Lepide Auditor, you are able to generate the All Modifications in Microsoft Teams Report showing you all MS Teams and SharePoint activity within a specified date range.

Here are two ways to audit data access in MS Teams and SharePoint online and they are described below.

  1. Audit Data Access in MS Teams and SharePoint Online Using Native Auditing
  2. Audit Data Access in MS Teams and SharePoint Online Using Lepide Auditor

Audit Data Access in MS Teams and SharePoint Online Using Native Auditing

Open the Office 365 Security & Compliance dashboard.

  • Go to Audit
  • Click the Search tab
  • In the Activities filters, choose File and folder activities
  • Click Search
  • MS Teams Audit Logs
    Figure: MS Teams Event Logs

To group the events by the user who was accessing data, you can download the data into a .csv file and sort the data there.

To review the path to the specific document, select the event and click on the Details section:

MS Teams Log Details
Figure: MS Teams Event Detail

Audit Data Access in MS Teams and SharePoint Online Using Lepide Auditor

The Lepide Auditor overcomes the complexity of the native method by providing a straightforward way to report on data access in MS Teams and SharePoint Online using the All Modifications in Microsoft Teams and SharePoint Online Reports:

Lepide Auditor MS Teams Report
Figure: MS Teams All Changes Report – Lepide Auditor

To create this report:

  • Click the User & Entity Behavior Analytics icon and select All Modifications in Microsoft Teams from the Office 365 node.
  • Select a date range and click Generate Report
  • To see further detail about a specific object, click Details and the Details Window will be displayed:
    MS Teams Event Details
    Figure: MS Teams Event Details – Lepide Auditor
  • The report can be sorted, filtered, grouped, saved, and exported

Similarly, you can run the report for SharePoint Online modifications

All SP Online Changes
Figure: SharePoint Online All Changes Report – Lepide Auditor

In conclusion, you can see that the Lepide Auditor for Office 365 provides a straightforward way to report on MS Teams and SharePoint activity resulting in a comprehensive yet clear-to-understand report.

Download Lepide Office 365 Auditor

x
Or Deploy With Our Virtual Appliance