From the Microsoft Teams admin center, it is possible to review previous Teams meetings or calls that a user account has joined. These logs include key information such as meeting or call ID, start time, duration, and participants. The purpose of this information is to assist with troubleshooting meeting or call issues; however, investigators can use it to determine when user accounts have participated in meetings or calls.

The following URL can be used to view this activity log, provided the investigator's account has the Microsoft Teams Administrator role assigned, or a role with higher privileges: https://admin.teams.microsoft.com/dashboard

Select Users, Manage Users, then the account being investigated. Click on Meetings & Calls, then scroll to the bottom of the page to view the Past Meetings table. Clicking on a meeting or call ID will provide more detailed information.

Sections

ID	Name	Description
IF021	Harassment and Discrimination	A subject engages in unauthorized conduct that amounts to harassment or discriminatory behavior within the workplace, targeting individuals or groups based on protected characteristics, such as race, gender, religion, or other personal attributes. Incidents of harassment and discrimination may expose the organization to legal risks, potential reputational damage, and regulatory penalties. Additionally, individuals affected by such behavior may be at higher risk of retaliating or disengaging from their work, potentially leading to further insider risks.
ME018	Aiding and Abetting	An individual or individuals knowingly assist a subject to gain access to devices, systems, or services that hold sensitive information, or otherwise contravene internal policies.
PR022	Social Engineering (Outbound)	A subject deceptively manipulates and/or persuades others in order to gain access to devices, systems or services that hold sensitive information, or to otherwise cause harm or undermine a target organization.
MT012.001	Social Engineering (Inbound)	A third party deceptively manipulates and/or persuades a subject to divulge information, or gain access to devices or systems, or to otherwise cause harm or undermine a target organization.