Search the audit log for events in Microsoft Teams

Important

The new Microsoft Teams admin center is here! Starting in March 2018, we've been gradually migrating settings to it from both the current Skype for Business admin center and the Microsoft Teams experience in the Office 365 admin center. If a setting has been migrated, you'll see a notification and then be directed to the setting's location in the new Microsoft Teams admin center. For more information, see Manage Teams during the transition to the new Microsoft Teams admin center.

The audit log can help you investigate specific activities across Office 365 services. For Teams, here are some of the activities that are audited:

  • Team creation

  • Team deletion

  • Added channel

  • Changed setting

To see the complete list of activities that are audited in Office 365, read Search the audit log in the Office 365 Security & Compliance Center.

Turn on auditing in Teams

Before you can look at audit data, you have to first turn on auditing in the Security & Compliance Center(https://protection.office.com). For help turning on auditing, read Turn Office 365 audit log search on or off.

Important

Audit data is only available from the point at which you turned on Auditing.

Retrieve Teams data from the audit log

  1. To retrieve audit logs, go to the Security & Compliance Center. Under Search & Investigation, select Audit log search.Screenshot of the Audit log search page of the Security & Compliance Center.

  2. Use Search to filter by the activities, dates, and users you want to audit.

  3. Export your results to Excel for further analysis.

Important

Audit data is only visible in the Audit Log if auditing is turned on.

Video: TechTip: Using Audit Log Search in Teams

Join Ansuman Acharya, a program manager for Teams, as he demonstrates conducting an Audit Log search for Teams in the Office 365 Security & Compliance Center.