Microsoft Teams New Audit log Feature Allows Admins to Track Individuals Actions

Microsoft is set to revolutionize enterprise security monitoring with comprehensive audit logging capabilities for screen sharing and control features in Microsoft Teams, rolling out in July 2025.

Microsoft announced a significant enhancement to its enterprise security toolkit with the introduction of detailed audit logs for Teams’ “Give control,” “Take control,” and screen sharing features.

This development, tracked under Microsoft 365 Roadmap ID 489224, represents a major step forward in organizational transparency and accountability for collaborative activities.

Microsoft Teams New Audit Logs Feature

The new audit logging system will provide administrators with unprecedented visibility into screen sharing and control activities within their organizations.

These comprehensive logs will capture critical information, including participant names, precise timestamps, and detailed action records for every control transfer and screen sharing session.

Administrators will be able to track who initiated screen sharing sessions, who requested or received control permissions, and the exact timing of these interactions.

This enhancement addresses growing enterprise needs for security oversight and compliance monitoring in remote collaboration environments.

The feature builds upon Microsoft’s existing audit logging infrastructure, which currently tracks various Teams activities, including app management events and meeting participation.

The audit logging functionality will be available across multiple platforms, including Teams for Windows desktop, Teams for Mac desktop, and Teams for web browsers.

However, certain limitations apply to the rollout. The “Give control” and “Take control” features will not be supported in town halls, webinars, or Teams mobile applications for iOS and Android devices.

Despite these platform restrictions, the feature will cover the majority of enterprise collaboration scenarios where screen control and sharing occur.

Organizations using Teams for presentations, troubleshooting, and collaborative work sessions will benefit from the enhanced monitoring capabilities.

Microsoft has outlined a phased rollout schedule beginning in July 2025. The Targeted Release phase will commence in early July 2025, with completion expected by mid-July 2025.

Following this initial deployment, General Availability worldwide will begin in mid-July 2025 and conclude by late July 2025.

The implementation process requires no preliminary administrative action, as the feature will be enabled automatically during the specified rollout period.

Organizations can access these audit logs through the Microsoft Purview portal by navigating to Audit > Audit search > New search.

The audit logs will integrate seamlessly with existing Microsoft Purview compliance tools, allowing administrators to create comprehensive security reports and maintain regulatory compliance.

Organizations should prepare by reviewing current audit log configurations and assessing the potential impact on their compliance procedures.

Microsoft recommends that administrators notify users about these monitoring capabilities and update relevant documentation to reflect the enhanced oversight.

The automatic rollout ensures minimal disruption while maximizing security benefits for enterprise Teams deployments.

Automate threat response with ANY.RUN’s TI Feeds—Enrich alerts and block malicious IPs across all endpoints -> Request full access