Forum Discussion

Kyrouz's avatar
Kyrouz
Copper Contributor
Jan 07, 2022

Teams Policy Change Audit Logs - Where are they in Sentinel?

My question is something of a follow-up to this one:

 

https://techcommunity.microsoft.com/t5/microsoft-teams/teams-policy-audit-logs/m-p/2291716#M90945

 

How can I get this information in Sentinel?  I have all of the 365 connectors in place, and I do not see policy changes in AzureActivity or in any other table.  Specifically - I don't see things like changes to the Permissions policies.  I can tell you who created an individual team 6 months ago but not those policy changes.

Administrator audit

2 Replies

  • jcgonzalezmartin's avatar
    jcgonzalezmartin
    MVP
    Jan 08, 2022
    To get information in Sentinel either you rely on Office 365 connectors or do a more "build" yourself where you can ingest the data you need into Sentinel and display it in the way you need
    • Kyrouz's avatar
      Kyrouz
      Copper Contributor
      Jan 08, 2022

      jcgonzalezmartin 

       

      So policy changes are not in the connector, then?

       

      With respect to build option... I'd been postponing building my own connection for email events, and then finally Microsoft finally added them to the connector.  Would be nice to have access to the roadmap...