Teams Real Simple with Pictures: How are the Team accessing Teams? And from where?

This blog is part of a series on Teams. For more articles, check back often. 

Written: 10/09/2019 | Updated: N/A

Why would we want to know how the Team accesses Teams and from where? Firstly, it can tell us more about the Team – do they prefer to use their apps online as opposed to the desktop? If they use Teams like this maybe they use Office like this? It may determine the device which is ideal for them in the future. It could help us with licencing too. If they don’t use desktop apps then maybe they would be better suited to an F1 licence rather than something like an E3. That’s good for our business and its the whole point about Microsoft 365 – it facilitates how users want to work. Secondly, it may be important in terms of security: for example, who is accessing Teams outside of work hours and where? We could be considering a conditional access policy and want to see the typical locations that users are accessing it from before applying it. 

WHY WOULD WE DO IT?

  • To optimize how the Team uses Teams and Office Apps
  • For licencing reasons
  • For security reasons (I.e. Conditional Access)

PREREQUISITES

The user needs to be assigned the following roles

  • Security Administrator, Security Reader or Report Reader roles
  • Global Administrator
  • Any user (non-admins) can access their own sign-ins in Azure AD

Users will need Teams licences (per Office/Microsoft 365 licencing)

HOW

1.) The first way is via Azure AD. Log into the Azure Portal at https://portal.azure.com

TmsAD1.PNG

2.) Go to Azure Active Directory

TmsAD2

3.) Select Sign-In’s under Monitoring

TmsAD3

4.) Select Add Filter then Application. Type ‘Microsoft Teams’ then Apply

TmsAD4.PNG

5.) You can now see how members of the Team have accessed Microsoft Teams – whether it is from the web or desktop client, the IP address and location. It also shows whether conditional access is applied. This will show all members of the organisation so to find specific members of the team simply apply more filters by the team users.

However, Azure AD Sign-In’s do not show access by mobile devices. Whilst I have raised a uservoice here which you can vote on, we still need to see that. For this we use the Office 365 Audit Log

TmsAD5.PNG

6.) Log into https://login.microsoftonline.com and select Admin

TmsAD6.PNG

7.) In the left navigation, select Security

TmsAD7.PNG

8.) Select More Resources then Open under Office 365 security & compliance centre

TmsAD8

9.) Select Search then Audit Log Search

TmsAD9

10.) In the Activities set User Signed in to Teams and hit Search

TmsAD10.PNG

11.) We now get a list of log ins which contain mobiles. We can filter these if needed.

TmsAD11.PNG

Our job here is done.

It could be argued that this isn’t optimal insofar that we need to pull from two different sources to get the information we need. However, we can – between the two, get the information we need. We can see how the Team are accessing Teams whether this is through the Desktop Client, the Web Client or the mobile app. We can see this for the different users in the Team, we can see the IP addresses and location of where they accessed it from and we can see whether conditional access applies to them.

By building a picture we have the information we need to go on and make the decisions we need to in terms of productivity, cost and security. We want our users to work in the way that they want, with the fewest overheads and in the most secure manner possible

Maybe we’ll see a report about how users are accessing Teams and from where in the future!