This blog is part of a series on Teams. For more articles, check back often.
Written: 10/09/2019 | Updated: N/A
Why would we want to know how the Team accesses Teams and from where? Firstly, it can tell us more about the Team: do they prefer to use their apps online as opposed to the desktop? If they use Teams like this, maybe they use Office like this too? It may determine the device which is ideal for them in the future. It could help us with licensing too. If they don't use desktop apps then maybe they would be better suited to an F1 licence rather than something like an E3. That's good for our business and it's the whole point of Microsoft 365: it facilitates how users want to work. Secondly, it may be important in terms of security: for example, who is accessing Teams outside of work hours, and from where? We could be considering a conditional access policy and want to see the typical locations that users are accessing it from before applying it.
WHY WOULD WE DO IT?
- To optimize how the Team uses Teams and Office Apps
- For licensing reasons
- For security reasons (i.e. Conditional Access)
PREREQUISITES
The user needs to be assigned one of the following roles:
- Security Administrator, Security Reader or Report Reader roles
- Global Administrator
- Any user (non-admins) can access their own sign-ins in Azure AD
Users will need Teams licences (per Office/Microsoft 365 licensing)
HOW
1.) The first way is via Azure AD. Log into the Azure Portal at https://portal.azure.com
2.) Go to Azure Active Directory
3.) Select Sign-ins under Monitoring
4.) Select Add Filter then Application. Type ‘Microsoft Teams’ then Apply
5.) You can now see how members of the Team have accessed Microsoft Teams: whether it is from the web or desktop client, the IP address and the location. It also shows whether conditional access is applied. This view covers all members of the organisation, so to find specific members of the team simply add more filters for those users.
However, Azure AD Sign-ins do not show access from mobile devices. Whilst I have raised a UserVoice here which you can vote on, we still need to see that. For this we use the Office 365 Audit Log.
6.) Log into https://login.microsoftonline.com and select Admin
7.) In the left navigation, select Security
8.) Select More Resources then Open under Office 365 Security & Compliance Centre
9.) Select Search then Audit Log Search
10.) In Activities, select User Signed in to Teams and hit Search
11.) We now get a list of sign-ins which includes mobile devices. We can filter these if needed.
Our job here is done.
It could be argued that this isn't optimal insofar as we need to pull from two different sources. However, between the two, we can get the information we need. We can see how the Team are accessing Teams, whether this is through the Desktop Client, the Web Client or the mobile app. We can see this for the different users in the Team, we can see the IP addresses and locations they accessed it from, and we can see whether conditional access applies to them.
By building a picture we have the information we need to go on and make the decisions we need to in terms of productivity, cost and security. We want our users to work in the way that they want, with the fewest overheads and in the most secure manner possible.
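One way to build that picture from the Azure AD sign-in data, as an added example rather than code from the original post. It assumes the sign-ins are available as records using Microsoft Graph signIn field names; the working hours, users, IP addresses and timestamps are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, time

WORK_START, WORK_END = time(8, 0), time(18, 0)  # assumed working hours, UTC, Mon-Fri

def rec(upn, app, client, ip, when, ca, country):
    """Build one constructed record in the shape of a Graph signIn object."""
    return {"userPrincipalName": upn, "appDisplayName": app, "clientAppUsed": client,
            "ipAddress": ip, "createdDateTime": when, "conditionalAccessStatus": ca,
            "location": {"countryOrRegion": country}}

# Constructed sample data: users, IPs and timestamps are made up.
SAMPLE = [
    rec("alice@contoso.example", "Microsoft Teams", "Browser",
        "203.0.113.10", "2019-09-09T09:15:00Z", "notApplied", "GB"),
    rec("alice@contoso.example", "Microsoft Teams", "Mobile Apps and Desktop clients",
        "198.51.100.7", "2019-09-09T23:40:00Z", "success", "FR"),
    rec("bob@contoso.example", "Microsoft Teams", "Mobile Apps and Desktop clients",
        "203.0.113.10", "2019-09-14T11:00:00Z", "notApplied", "GB"),
    rec("bob@contoso.example", "Office 365 Exchange Online", "Browser",
        "203.0.113.10", "2019-09-10T10:00:00Z", "success", "GB"),
]

def is_out_of_hours(created):
    """True for weekends or times outside the assumed working window (UTC)."""
    ts = datetime.fromisoformat(created.replace("Z", "+00:00"))
    return ts.weekday() >= 5 or not (WORK_START <= ts.time() < WORK_END)

def build_baseline(records, app="Microsoft Teams"):
    """Summarise per user: clients used, countries seen, out-of-hours sign-ins
    and how many sign-ins had no conditional access policy applied."""
    users = defaultdict(lambda: {"clients": set(), "countries": set(),
                                 "out_of_hours": [], "ca_not_applied": 0})
    for r in records:
        if r.get("appDisplayName") != app:
            continue  # same effect as the Application filter in the portal
        u = users[r["userPrincipalName"].lower()]
        u["clients"].add(r.get("clientAppUsed") or "unknown")
        u["countries"].add((r.get("location") or {}).get("countryOrRegion") or "unknown")
        if is_out_of_hours(r["createdDateTime"]):
            u["out_of_hours"].append((r["createdDateTime"], r.get("ipAddress")))
        if r.get("conditionalAccessStatus") == "notApplied":
            u["ca_not_applied"] += 1
    return dict(users)

if __name__ == "__main__":
    for upn, s in sorted(build_baseline(SAMPLE).items()):
        print(upn, sorted(s["clients"]), sorted(s["countries"]),
              f"out-of-hours={len(s['out_of_hours'])}", f"no-CA={s['ca_not_applied']}")
```

Mobile sign-ins taken from the Office 365 Audit Log would need to be mapped into the same fields before being merged into this summary.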
Maybe we’ll see a report about how users are accessing Teams and from where in the future!