Microsoft Teams – Notify security administrator when a new team is created by the end users

Microsoft Teams is being used as a most preferred method of communication platform by many organizations. By default in office 365 the group creation is enabled for end users which will allow them to create public and private groups. Few organizations are having the group creation disabled on the organization level for larger scale companies and have users request for creating the teams using a request form which will run through a automation process in the background with help of azure automation accounts ,Microsoft flow or few other mechanisms.

But few organizations are really interested in allowing the users to create the Office 365 groups once their workloads are migrated to office 365. This is primarily to increase the adoption rate of Office 365 workloads Microsoft Teams and SharePoint online.

We have more options available in Office 365 cloud app security. By leveraging these options we can better secure the Office 365 suite of products which in turn controls the Data loss prevention, security compliance, information governance and threat management for the entire organization.

Through Cloud App Security –

Navigate to Cloud App Security – https://portal.cloudappsecurity.com

Select and create Activity Policy

Do not choose any policy templates – select policy severity – category as per classification – Have selected compliance in below example.

Choose the acton single activity – activity type – equals – Team Created.

There is another alternative to create the policy as below by choosing the teams app. Going with this approach provide us more options like to get notified when teamsettingchanged,cut/copy item. adding a channel, changing a channel settings and when a team is deleted. There are lot of other actions which can be added based on our requirement.

Choose the severity and specify the email notification alert with no action.

The security administrators responsible for viewing this new group creation alerts can be added over here.

Further governance actions can be specified. We have an option to notify user and cc additional user with custom message.

The custom message can be added over here. There is an option to add a hyperlink as well.

When a new team is created by the end user the specified email address is notified.

We get more information on the cloud app security alerts.

We can use cloud app security for other activities in office 365 applications as well to notify the security administrators or the SOC team, so that they will be able to monitor the events which are categorized as non-compliance in Office 365 organization according to their security guidelines.

Thanks & Regards

Sathish Veerapandian

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: