Microsoft Teams - The Admin's Check List

What do you want to do is to make sure that you've completed the following checklist:

  • You're highly encouraged to create additional Global Admin accounts.
  • You're highly encouraged to turn on the Multi-Factor Authentication for the Admin accounts.
  • You're highly encouraged to change the default technical contact to a distribution group.
  • You're highly encouraged to update the Privacy Contact information.
  • You're highly encouraged to turn on the Auditing.

Lets do this

Create additional Global administrators

When you subscribed for the Free Microsoft Teams offering you were using a Microsoft Account and therefore you cannot access the Office 365 Admin Center. To overcome this situation you need to use the Azure Active Directory admin center to create a new - so called - organizational account.

Create a new Azure Active Directory user
  1. Log in to the Azure portal.
  2. Select Azure Active Directory > Users and groups > All users > New user.
  3. Enter details for the user, like Name and User name.
  4. Note the user’s full name and temporary password.
  5. Select Directory role.
  6. Assign role Global Administrator.
  7. Log out of Azure and then log back in with the account you just created.You are prompted to change the user’s password.

Now your new Global Admin account is ready.

Turn on the Multi-factor Authentication

There is a new Conditional Access policy called Baseline policy: Require MFA for admins (Currently in preview on 23/07/2018). This is a free conditional access policy which doesn't require Azure AD Premium Subscription.

Announcement blog post.

Staying in the Azure AD portal, Select Azure Active Directory > Conditional access > Baseline policy: Require MFA for admins > Use policy immediately and Save.

Next time when an Admin tries to login it will be redirected to a page to set up the Multi-factor authentication.

Change the Contact information

Staying in the Azure AD portal, Select Azure Active Directory > Properties and change the Technical contact and the Global privacy contact.

In the rare case when there is a breach in your #Office365 subscription @Microsoft will use the Global privacy contact information to inform your organization.

Learn more about Office 365 Breach Notification Under the GDPR

Turn on Auditing

Using one of the new Global Admins you need to navigate to the Office 365 Admin Center and from the left navigation choose Admin center > Security & Compliance
When you're on the Security & Compliance open the Search & investigation > Audit log search page and on the yellow top banner there should be a button to Turn on Auditing

After you successfully enabled the Audit log collection it could take up to 24 hours until you can use the Search capabilities of the portal.