Can Microsoft Teams chat be monitored?

Can your employer view Teams chat history?

Teams chat activity can be tracked in Microsoft 365 admin dashboards, such as the number of Teams groups and private chat messages initiated by a user and the number of replied messages. Admins can anonymize identifiable information in this activity data, such as names and email addresses.

However, a business can view an employee's Teams chat content through an e-discovery investigation. Teams chat activity available through e-discovery includes the following:

• Chat messages.
• Edited messages.
• Microsoft Loop components.
• Emojis, GIFs and stickers.
• Chat reactions.
• Teams channel names.

Investigators can also use Risk Management tools to review content deemed a threat, harassment or policy violation.

For regulated industries, these monitoring capabilities can also support legal hold requirements, audit preparedness and internal compliance investigations.

Organizations can monitor Teams chat using both native Microsoft 365 capabilities and third-party compliance platforms. The right choice depends on regulatory requirements, retention needs and the level of investigative visibility required. • Teams Admin Center. Admins can configure retention policies for private chats, channels, teams and specific users. Admins can also configure message policy settings, such as the ability to report inappropriate content or security concerns. • Microsoft Purview. Identifies inappropriate content in Teams channels, one-on-one chats and group chats, such as sensitive information, obscene language or adult images. Admins can also act on and block inappropriate messages. The service can also configure communication compliance policies with GenAI interactions. • Theta Lake. Integrates with Teams to provide capture, archive and compliance of one-on-one, group and private chats, including messages, images, files and voice messages. • Mimecast Aware. Integrates with Teams and uses AI and machine learning to analyze Teams messages in real time for policy violations, data loss, compliance and sentiment analysis. Third-party tools are often used by organizations with stricter archiving, supervision or regulatory requirements that extend beyond native Microsoft 365 capabilities.

How to monitor Teams chats: Step by step

1. Verify you have the right Microsoft 365 license

If you want to monitor Teams chat, first understand that not all Microsoft 365 plans offer communication compliance as a feature, nor does Microsoft offer communications compliance as a standalone subscription. IT departments that use Basic, Standard or Premium licenses must upgrade to an E5 license plan or an E3 license plan with an E5 Compliance add-on to enable communication compliance features for chat monitoring.

In early 2025, Microsoft introduced a pay-as-you-go subscription for generative AI (GenAI) to enable customers without E3 and E5 subscriptions to access AI content and communication monitoring.

2. Enable communication compliance

Before any chat monitoring can be done, an administrator who is assigned as a communication compliance administrator must first enable the use of communication compliance features at a global level. Once this step is complete, authorized admins can access all the configuration features that enable monitoring of some or all users.

Administrators who are tasked with monitoring chat communications can be assigned to one of several roles depending on their duties and their need to access chat logs. Some examples of these roles are the following:

• Communication compliance admin. This role can enable communication compliance, define lower-level compliance administrators and perform the typical read/write/update/delete policy that's necessary to manage chat monitoring.
• Communication compliance analyst. This role can review created policies and view message metadata, but not message content.
• Communication compliance investigator. This role can view both message metadata and the messages themselves. The investigator can also mark flagged communications, so they are added to specific e-discovery.

3. Consider Insider Risk Management

The new Microsoft Purview Insider Risk Management tool can help correlate the different signals within Office 365 services to identify any potential malicious or inadvertent insider risks that may be listed within Teams chats. 

To use the service, organizations must subscribe to the pay-as-you-go billing and provision licenses. Then admins must establish the policies required to detect potentially risky activities or chats with the following steps:

• Turn on auditing. The organization must have auditing turned on for all its activities to be recorded in the audit log.
• Get permissions to use Insider Risk Management. Administrators must be assigned the Insider Risk Management Admin role in the Office 365 admin console.
• Choose policy indicators. Select policy indicators for the desired Microsoft services to activate the proper activity monitoring.  
• Create the required policy. Create a policy that provides alerts for potentially risky activities in Teams chat.

4. Determine whom to monitor

Communication compliance administrators can monitor the chats and other Teams and email communications of specific employees -- or all employees with the appropriate license assigned to them. Administrators can also place users into specific monitoring groups, which streamline communications monitoring policy configuration for certain teams or departments that require more granular monitoring rules. 

While the focus is on using monitoring tools for chats, Teams also provides an integration with Copilot. Microsoft is expanding its monitoring capabilities to include GenAI tools used within Teams.

5. Create a monitoring policy

Administrators must plan and configure policies to sufficiently monitor each communications compliance group. Microsoft offers policy templates or the ability for administrators to create a policy from scratch. A third option is to use a built-in policy wizard that walks administrators through the policy creation process. Regardless of the method used, the purpose of policy creation is to do the following:

• Place users into monitoring groups.
• Elect who can review the policy and/or messages that are being monitored.
• Select what communication channels to monitor within Microsoft 365.
• Designate the conditions and keywords that the communication compliance tool should alert on.
• Choose whether inbound, outbound or internal-only communications should be monitored.

While many more steps and details are required to get communication compliance up and running within an organization, the core steps have been covered here. Once complete, the users and groups created begin monitoring and alerting on compliance violations as policy dictates.

Monitoring Microsoft Teams chat is less about surveillance and more about governance. With the right licensing, role assignments and policies in place, organizations can support collaboration while maintaining compliance, mitigating insider risk and protecting sensitive data.

Types of Teams monitoring tools

Organizations can monitor Teams chat using both native Microsoft 365 capabilities and third-party compliance platforms. The right choice depends on regulatory requirements, retention needs and the level of investigative visibility required.

• Teams Admin Center. Admins can configure retention policies for private chats, channels, teams and specific users. Admins can also configure message policy settings, such as the ability to report inappropriate content or security concerns.
• Microsoft Purview. Identifies inappropriate content in Teams channels, one-on-one chats and group chats, such as sensitive information, obscene language or adult images. Admins can also act on and block inappropriate messages. The service can also configure communication compliance policies with GenAI interactions.
• Theta Lake. Integrates with Teams to provide capture, archive and compliance of one-on-one, group and private chats, including messages, images, files and voice messages.
• Mimecast Aware. Integrates with Teams and uses AI and machine learning to analyze Teams messages in real time for policy violations, data loss, compliance and sentiment analysis.

Third-party tools are often used by organizations with stricter archiving, supervision or regulatory requirements that extend beyond native Microsoft 365 capabilities.

Reda Chouffani runs a consulting practice he co-founded, Biz Technology Solutions Inc., and is CTO at New Charter Technologies. He is a technology consultant with a focus on healthcare and manufacturing, cloud expert and business intelligence architect who helps enterprises make the best use of technology.

Andrew Froehlich is founder of InfraMomentum, an enterprise IT research and analyst firm, and president of West Gate Networks, an IT consulting company. He has been involved in enterprise IT for more than 20 years.