How to audit file access in Microsoft Teams

With FileAudit, you can monitor access to sensitive files across their IT environment, both in real time as it occurs, and retrospectively through an audit trail.

It can do this not only for internal Windows servers but external cloud platforms such as Microsoft OneDrive for Business, SharePoint Online, Google Drive, Dropbox Business, and Box. 

You can also use FileAudit to monitor and audit file access within Microsoft Teams.

This is good news for compliance. As more and more files are exchanged via collaboration environments such as Teams, the ability to monitor and audit these tools is becoming an essential part of comprehensive file auditing.

File auditing is a simple concept: it gives organizations a way to see who is accessing sensitive files across their environment. But there’s a caveat: file auditing can only monitor what it can see.

This is where file auditing systems differ. All file auditing systems will be able to capture files on internal Windows servers and shares. However, cloud platforms might be a different matter with some supported but not others.

For data managers, this can be frustrating. Organizations want insight into how files are being accessed without any blind spots. Unfortunately, there are now so many external platforms, keeping up with and supporting them all can be difficult.

Collaboration platforms such as Teams pose a special challenge for file auditing systems. Although they platforms look like a single environment, in reality they knit together multiple underlying file stores in ways that makes file auditing more complex to implement.

By default, files uploaded via to dedicated Teams channels are stored in SharePoint Online and are made available from the files tab to everyone subscribed to each channel.

Conversely, files shared during a chat within Teams are stored in OneDrive for Business and are only visible to other members in the same conversation (in both cases, files are accessed via an organization’s Microsoft 365 subscription which means that personal OneDrive accounts are not included).

Teams is an interesting case. By design, the ability to share files is central to collaboration platforms. This sharing is often sporadic, with users accessing small numbers of files each time. Nevertheless, across an organization, the volume of file sharing will add up.

Files can also be shared with external recipients, a clear risk for data leakage. The possibility of data loss on this type of channel is not something organizations should take a chance on.

Microsoft tools such as Purview can be used to conduct basic file auditing on its cloud platforms, including Teams. However, this is limited to auditing Microsoft’s own systems and some features also depend on the Microsoft 365 licensing tier an organization has subscribed to.

The advantage of FileAudit is that it gives admins an integrated view of how users are accessing, modifying, deleting, copying, and sharing files across all the platforms it supports and not only Microsoft’s.

This broader view is critical to good file auditing. The whole point of file auditing is to record how users are accessing files across platforms. If auditing is not comprehensive enough there is a risk that access will go undetected or unexamined, potentially running afoul of compliance.

Using FileAudit, data managers can track how files originating in SharePoint Online and OneDrive for Business are being shared specifically within Teams.

Importantly, FileAudit’s interface is simple enough that anyone can use it. In healthcare, data owners are often spread across an organization. FileAudit allows organizations to move monitoring closer to these people, relieving pressure on the IT department.