Microsoft Teams: New audit logs for Give control, Take control, and Screensharing

🚨 The Signal: New audit logs for Teams 'Give/Take Control' and 'Screenshare' features are now available. This enhances visibility into who initiated or received control and who started screenshare sessions, improving accountability and incident response capabilities.

The Impact

Security teams and auditors are affected by improved logging, reducing the risk of unmonitored sensitive data exposure during screen sharing.

• Security Teams: Enhanced visibility into potential data exfiltration during screen sharing.
• Auditors: Simplified compliance checks for user activity and access control.
• Incident Responders: Faster identification of individuals involved in control or screenshare actions.
• Privacy Officers: Better understanding of who accessed or shared sensitive information.

The Action

1. Review existing logging and monitoring policies for Microsoft Teams.
2. Familiarise security and audit teams with the new log locations and data points in Teams Admin Centre.
3. Integrate these new audit logs into existing SIEM or security monitoring solutions.
4. Update incident response playbooks to leverage this new audit data for Teams-related incidents.

Domain: Teams · Impact: medium · Workload: Teams