The Teams Audit Report is critical to CMMC compliance for several reasons; see the list of reasons below. Only Sponsor Administrators are able to generate and access the Teams Audit Report.
| Feature | Description |
|---|---|
| Monitoring and Accountability: | CMMC requires organizations to maintain detailed records of user activities to ensure accountability. Teams audit logs provide a comprehensive record of actions taken within the platform, which is essential for tracking and verifying compliance with security policies. |
| Incident Response: | In the event of a security incident, having access to detailed audit logs allows organizations to quickly identify and respond to potential threats. This aligns with CMMC requirements for timely detection and response to cybersecurity incidents. |
| Data Protection: | Teams audit reports help ensure that sensitive data, such as Controlled Unclassified Information (CUI), is being accessed and handled appropriately. This is crucial for meeting CMMC standards for protecting sensitive information. |
| Compliance Verification: | Regularly reviewing audit logs helps organizations verify that they are adhering to CMMC requirements. This ongoing monitoring is necessary for maintaining compliance and preparing for CMMC assessments. |
Generate Audit Report
To generate an audit report:
-
Navigate to the Reports tab.
-
Select a Team.
NOTE: Team selection includes all active Teams in your enclave.
-
Select a Date Range (Last 24 Hours, Last 7 Days, Custom).
NOTE: A Custom Date Range must be less than or equal to 180 days.
-
Click the Generate Report button to initiate the request.
NOTE: If you have not previously requested an audit report, an Exostar Audit Reports folder will appear in the Team’s General channel. This folder contains all requested audit reports.
IMPORTANT! You will receive an email when the report is ready.
Audit Report Contents
The file name includes the request date and the report type; example:
-
2026_03_39_17_29_27_teams_audit_report.xlsx
The report includes the criteria used to generate the report (team and date range) and the Teams audit log entries that match the criteria. Each entry includes:
- Date/time the action was taken (UTC)
- UPN of the user taking the action
- IP address of the user taking the action
- Action taken
- Activity
- Context (Team and channel where the action occurred, where applicable)
Audit Report Activities
The following Teams audit log activity is included in the Teams Audit Report:
-
MicrosoftTeams: Includes channel messaging events, membership changes (adding and removing members), meeting creation and attendance, team and channel creation and deletion, and guest access events.
For a detailed list of actions for this activity, please see: Audit log activities