Microsoft Teams: Audit logs for Give control, Take control, and Screensharing available for Gov clouds

🚨 The Signal: Microsoft Teams audit logs for 'Give/Take Control' and 'Screensharing' are now available for Government clouds. This enhances visibility into remote control and screen sharing activities, improving accountability and incident response.

The Impact

Security teams and auditors are affected, gaining critical visibility into sensitive Teams collaboration actions, reducing insider risk.

• Security Teams: Enhanced visibility into potential data exfiltration via screen sharing.
• Auditors: Access to detailed logs for compliance and incident investigation.
• Incident Responders: Quicker identification of malicious control or screenshare activities.
• Compliance Officers: Better evidence for regulatory and policy adherence.

The Action

1. Review existing Microsoft Purview audit log retention policies for Teams activities.
2. Familiarize security and audit teams with the new log entries in Purview.
3. Update incident response playbooks to incorporate these new Teams audit logs.
4. Communicate enhanced logging capabilities to relevant stakeholders.

Domain: Purview · Impact: medium · Workload: Microsoft Purview