Microsoft Teams – Notify security administrator when a new team is created by the end users

Microsoft Teams is being used as a most preferred method of communication platform by many organizations. By default in office 365 the group creation is enabled for end users which will allow them to create public and private groups. Few organizations are having the group creation disabled on the organization level for larger scale companies and have users request for creating the teams using a request form which will run through a automation process in the background with help of azure automation accounts ,Microsoft flow or few other mechanisms.

But few organizations are really interested in allowing the users to create the Office 365 groups once their workloads are migrated to office 365. This is primarily to increase the adoption rate of Office 365 workloads Microsoft Teams and SharePoint online.

We have more options available in Office 365 cloud app security. By leveraging these options we can better secure the Office 365 suite of products which in turn controls the Data loss prevention, security compliance, information governance and threat management for the entire organization.

Through Cloud App Security –

Navigate to Cloud App Security –

Select and create Activity Policy

Do not choose any policy templates – select policy severity – category as per classification – Have selected compliance in below example.

Choose the acton single activity – activity type – equals – Team Created.

There is another alternative to create the policy as below by choosing the teams app. Going with this approach provide us more options like to get notified when teamsettingchanged,cut/copy item. adding a channel, changing a channel settings and when a team is deleted. There are lot of other actions which can be added based on our requirement.

Choose the severity and specify the email notification alert with no action.

The security administrators responsible for viewing this new group creation alerts can be added over here.

Further governance actions can be specified. We have an option to notify user and cc additional user with custom message.

The custom message can be added over here. There is an option to add a hyperlink as well.

When a new team is created by the end user the specified email address is notified.

We get more information on the cloud app security alerts.

We can use cloud app security for other activities in office 365 applications as well to notify the security administrators or the SOC team, so that they will be able to monitor the events which are categorized as non-compliance in Office 365 organization according to their security guidelines.

Thanks & Regards

Sathish Veerapandian

6 thoughts on “Microsoft Teams – Notify security administrator when a new team is created by the end users

  1. LuisR February 2, 2021 at 2:01 pm Reply

    Teams creation doesn’t appear on my Tenant. Is there some prerequisite?


  2. LuisR February 8, 2021 at 5:04 pm Reply

    on the Cloud App Security –
    When choosing the action single activity – activity type ….
    … there are no Team related activities on the drop down list


    • Sathish Veerapandian April 11, 2021 at 12:52 pm Reply

      Interesting may be its not present in your Tenant. Better to check with Microsoft Support on this issue.


  3. Srdjan Sasa Ivosevic July 15, 2021 at 2:36 pm Reply

    I can’t select the activity policy. I can only create a app discovery policy.


    • Sathish Veerapandian July 16, 2021 at 5:45 pm Reply

      Thats interesting, not sure how it was possible for me from my tenant. May be Microsoft have changed them recently ?. Better to open a call with them and check the status.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: