-description: "Gain insights into the Microsoft Teams apps used in your organization by getting the Microsoft Teams app usage report from Microsoft 365 Reports."

-# Microsoft 365 Reports in the admin center - Microsoft Teams device usage

-The Microsoft 365 Reports dashboard shows you the activity overview across the products in your organization. It enables you to drill in to individual product level reports to give you more granular insight about the activities within each product. Check out [the Reports overview topic](activity-reports.md). In the Microsoft Teams app usage report, you can gain insights into the Microsoft Teams apps that are used in your organization.

-

-## How to get to the Microsoft Teams app usage report

-1. In the admin center, go to the **Reports** \> <a href="https://go.microsoft.com/fwlink/p/?linkid=2074756" target="_blank">Usage</a> page.

-

-2. From the **Select a report** drop-down, select **Microsoft Teams** \> **Device usage**.

-

-## Interpret the Microsoft Teams app usage report

-You can get a view into Microsoft Teams app usage by looking at the **Users** and **Distribution** charts.

-

-

-

-|Item|Description|

-|:--|:--|

-|1. <br/> |The **Microsoft Teams device usage** report can be viewed for trends over the last 7 days, 30 days, 90 days, or 180 days. However, if you select a particular day in the report, the table (7) will show data for up to 28 days from the current date (not the date the report was generated). <br/> |

-|2. <br/> |The data in each report usually covers up to the last 24 to 48 hours. <br/> |

-|3. <br/> |The **Users** view shows you the number of daily unique users by app. <br/> |

-|4. <br/> |The **Distribution** view shows you the number of unique users by app over the selected time period. <br/> |

-|5. <br/> | On the **Users** chart, the Y axis is the number of users per app. <br/> On the **Distribution** chart, the Y axis is the number of users using the specified app. <br/> The X axis on the charts is the selected date range for the specific report. <br/> |

-|6. <br/> |You can filter the series you see on the chart by selecting an item in the legend. For example, on the **Users** chart, select **Windows**, **Mac**, **Calls**, **Web**, **Android phone**, or **Windows phone** to see only the info related to each one. Changing this selection doesn't change the info in the grid table. <br/> |

-|7. <br/> | The list of groups shown is determined by the set of all groups that existed (weren't deleted) across the widest (180-day) reporting time frame. The activity count will vary according to the date selection. <br/> NOTE: You might not see all the items in the list below in the columns until you add them.<br/> **Username** is the email address of the user. You can display the actual email address or make this field anonymous. <br/> **Last Activity Date (UTC)** refers to the last date that the user participated in a Microsoft Teams activity in an app. <br/> **Deleted** indicates if the team is deleted. If the team is deleted, but had activity in the reporting period, it will show up in the grid with deleted set to true. <br/> **Deleted date** is the date that the team was deleted. <br/> **Windows** is checked if the user was active in the Windows app during the specified time period. <br/> **Mac** is checked if the user was active in a Mac app during the specified time period. <br/> **Web** is checked if the user was active in a web app during the specified time period. <br/> **iOS** is checked if the user was active in an iOS app during the specified time period. <br/> **Android phone** is checked if the user was active in an Android phone app during the specified time period. <br/> **Windows phone** is checked if the user was active in a Windows Phone app during the specified time period. <br/> If your organization's policies prevents you from viewing reports where user information is identifiable, you can change the privacy setting for all these reports. Check out the **How do I hide user level details?** section in the [Activity Reports in the Microsoft 365 admin center](activity-reports.md). <br/> |

-|8. <br/> |Select **Columns** to add or remove columns from the report. <br/> |

-|9. <br/> |You can also export the report data into an Excel .csv file, by selecting the **Export** link. This exports data of all users and enables you to do simple sorting and filtering for further analysis. If you have less than 2000 users, you can sort and filter within the table in the report itself. If you have more than 2000 users, in order to filter and sort, you will need to export the data. <br/> |

-|||

-

-

-description: "Learn how to get the Microsoft Teams user activity report and gain insights into the Teams activity in your organization."

-# Microsoft 365 admin center reports - Microsoft Teams user activity

-The Microsoft 365 Reports dashboard shows you the activity overview across the products in your organization. It enables you to drill in to individual product level reports to give you more granular insight about the activities within each product. Check out [the Reports overview topic](activity-reports.md). In the Microsoft Teams user activity report, you can gain insights into the Microsoft Teams activity in your organization.

-

-## How to get to the Microsoft Teams user activity report

-1. In the admin center, go to the **Reports** \> <a href="https://go.microsoft.com/fwlink/p/?linkid=2074756" target="_blank">Usage</a> page.

-

-2. From the **Select a report** drop-down, select **Microsoft Teams** \> **User activity**.

-

-## Interpret the Microsoft Teams user activity report

-You can get a view into Microsoft Teams user activity by looking at the **Activity** and **Users** charts.<br/>

-

-|Item|Description|

-|:--|:--|

-|1. <br/> |The **Microsoft Teams user activity** report can be viewed for trends over the last 7 days, 30 days, 90 days, or 180 days. However, if you select a particular day in the report, the table will show data for up to 28 days from the current date (not the date the report was generated). <br/> |

-|2. <br/> |The data in each report usually covers up to the last 24 to 48 hours. <br/> |

-|3. <br/> |To ensure data quality, we perform daily data validation checks for the past five days and will be filling any gaps detected. You may notice differences in historical data during the process. <br/> |

-|4. <br/> |The **Activity** view shows you the number of Microsoft Teams activities by activity type. The activity types are number of teams chat messages, private chat messages, calls, or meetings. <br/> |

-|5. <br/> |The **Users** view shows you the number of users by activity type. The activity types are number of teams chat messages, private chat messages, calls, or meetings. <br/> |

-|6. <br/> | On the **Activity** chart, the Y-axis is the count of specified activity. <br/> On the **Files** chart, the Y-axis is the number of users participating in teams chats, private chats, calls, or meetings. <br/> The X-axis on the charts is the selected date range for the specific report. <br/> |

-|7. <br/> |You can filter the series you see on the chart by selecting an item in the legend. For example, on the **Activity** chart, select **Channel messages**, **Chat messages**, **Calls**, or **Meetings** to see only the info related to each one. Changing this selection doesn't change the info in the grid table. <br/> |

-|8. <br/> | The list of groups shown is determined by the set of all groups that existed (weren't deleted) across the widest (180-day) reporting time frame. The activity count will vary according to the date selection. <br/> NOTE: You might not see all the items in the list below in the columns until you add them.<br/>**Username** is the email address of the user. You can display the actual email address or make this field anonymous. <br/> **Last Activity Date (UTC)** refers to the last date that the user participated in a Microsoft Teams activity. <br/> **Channel messages** is the number of unique messages that the user posted in a team chat during the specified time period. <br/> **Chat messages** is the number of unique messages that the user posted in a private chat during the specified time period. <br/> **Calls** is the number of calls that the user participated in during the specified time period. <br/> **Meetings** is the number of online meetings that the user participated in during the specified time period. <br/> **Other activity** is the number of other team activities by the user. <br/> **Deleted** indicates if the team is deleted. If the team is deleted, but had activity in the reporting period, it will show up in the grid with deleted set to true. <br/> **Deleted date** is the date that the team was deleted. <br/> **Product assigned** is the list of products that are assigned to the user. <br/> If your organization's policies prevent you from viewing reports where user information is identifiable, you can change the privacy setting for all these reports. Check out the **How do I hide user level details?** section in the [Activity Reports in the Microsoft 365 admin center](activity-reports.md). <br/> |

-|9. <br/> |Select **Columns** to add or remove columns from the report. <br/> |

-|10. <br/> |You can also export the report data into an Excel .csv file by selecting the **Export** link. This exports data of all users and enables you to do simple sorting and filtering for further analysis. If you have less than 2000 users, you can sort and filter within the table in the report itself. If you have more than 2000 users, in order to filter and sort, you will need to export the data. <br/> |

-|||

-

-|Device compliance|Set and manage security policies, like device level PIN lock and jailbreak detection. |Limitations on Android 9 and later devices. See [details](capabilities.md). |Yes|

-|**Security Policy**|**Android 4 and later**|**Samsung KNOX**|**iOS 6 and later**|**Notes**|

-|**What's removed**|**iOS 6 and later**|**Android 4 and later (including Samsung KNOX**|

-|**Content impact**|**iOS 10 and later**|**Android 5 and later**|

-If you'll use retention labels to declare items as records (rather than regulatory records) in SharePoint and OneDrive, consider whether you need to change the default tenant setting that allows users to edit the properties for a labeled record when files are larger than 0 bytes.

-If you use the sender address as a condition or exception the actual field where the value is looked for varies depending on the type of rule you use. For DLP based rules, the Envelope address is used as the sender address. For Exchange transport rules the Header address is used as the sender address.

-<!--

-> [!NOTE]

-> Starting January 20, 2022, the default sender address location will be moved to the Header address along with the availability of the -SenderAddressLocation parameter to configure desired behavior at a DLP rule level.

-

-At the tenant level, you can configure a sender address location to be used across all rules, unless overridden by a single rule. To revert tenant DLP policy configuration to evaluate the sender address from the Envelope across all rules, you can run the following command:

- - Exchange: This folder contains all content from Exchange stored in PST files. Redacted PDF files cannot be included with this option. If an attachment is selected in the review set, the parent email will be exported with the attachment attached.

-2. Follow the prompts for the configuration process.

-

-To edit an existing retention label, select it from the **File Plan** page, and then select the **Edit label** option to start the Edit retention process that lets you change the label description and any eligible settings.

-## August 2021

-### App governance

-### Communication compliance

-### Compliance & service assurance

- - Architecture

- - Audit logging

- - Encryption and key management

- - Identity and access management

- - Microsoft 365 access management

- - Network security

- - Privacy

- - Resiliency and continuity

- - Risk management

- - Security development and operation

- - Security monitoring

- - Supplier management

- - Vulnerability management

-### Data Loss Prevention

-### Insider risk management

-### Retention and records management

-### Sensitivity labels

-[Advanced eDiscovery capabilities](../compliance/overview-ediscovery-20.md) allow a multi-geo eDiscovery administrator to search all of the geos without needing to utilize a "Region" security filter. Data is exported to the Azure instance of the central location of the multi-geo tenant.

-The Microsoft 365 global administrator must assign eDiscovery Manager permissions to allow others to perform eDiscovery and assign a "Region" parameter in their applicable Compliance Security Filter to specify the region for conducting eDiscovery as satellite location, otherwise no eDiscovery will be carried out for the satellite location.

-See the [New-ComplianceSecurityFilter](/powershell/module/exchange/new-compliancesecurityfilter) article for additional parameters and syntax.

- Microsoft Defender for Endpoint analyzes a network and determines if it's a corporate network that needs to be monitored or a non-corporate network that can be ignored. Corporate networks are typically chosen to be monitored. However, you can override this decision by choosing to monitor non-corporate networks where onboarded devices are found.

-| **Options** | Defines whether to display notification or not |**0 or 4**: When Type Allow or Deny is selected. <p>0: nothing<p>4: disable **AuditAllowed** and **AuditDenied** for this Entry. Even if **Block** happens and the AuditDenied is setting configured, the system will not show notification. <p> When Type **AuditAllowed** is selected: <p>0: nothing <p>1: nothing <p>2: send event<p>3: send event <p> When Type **AuditDenied** is selected: <p>0: nothing <p>1: show notification <p>2: send event<p>3: show notification and send event |

-|AccessMask|Defines the access. | **1-7**: <p>1: Read <p>2: Write <p>3: Read and Write <p>4: Execute <p>5: Read and Execute<p>6: Write and Execute <p>7: Read and Write and Execute |

-keywords: ANetwork protection, exploits, malicious website, ip, domain, domains, enable, turn on

-> When a software change is made on a device, it typically takes 2 hours for the data to be reflected in the security portal. However, it may sometimes take longer. Configuration changes can take anywhere from 4 to 24 hours.

-Remote domain settings and mail flow rules are independent of the settings in outbound spam filter policies. For example:

-This feature independence allows you to (for example) allow automatic forwarding in outbound spam filter policies, but use remote domains to control the external domains that users can forward messages to.

-On the main report page, the  **[Create schedule](#schedule-report)**,  **[Request report](#request-report)**, and  **[Export](#export-report)** buttons are available.

-On the main report page, the  **[Create schedule](#schedule-report)**,  **[Request report](#request-report)**, and  **[Export](#export-report)** buttons are available.

-On the main report page, the  **[Create schedule](#schedule-report)**,  **[Request report](#request-report)**, and  **[Export](#export-report)** buttons are available.

-Back on the main report page, if you click **Choose a category for more details**, you can select from the following values:

-On the main report page, the  **[Create schedule](#schedule-report)** and  **[Export](#export-report)** buttons are available.

-Back on the main report page, if you click **Choose a category for more details**, you can select from the following values:

-On the main report page, the  **Create schedule** and  **Export** buttons are available.

-Back on the main report page, you can click **Show trends** to see trend graphs in the **Mailflow trends** flyout that appears.

-On the main report page, the  **Export** button is available.

-On the main report page, the  **[Create schedule](#schedule-report)**,  **[Request report](#request-report)**, and  **[Export](#export-report)** buttons are available.

-On the main report page, the **[Export](#export-report)** button is available.

-On the main report page, the  **[Create schedule](#schedule-report)**,  **[Request report](#request-report)**, and  **[Export](#export-report)** buttons are available.

-On the main report page, the  **[Create schedule](#schedule-report)**,  **[Request report](#request-report)**, and  **[Export](#export-report)** buttons are available.

-On the main report page, the  **[Create schedule](#schedule-report)**,  **[Request report](#request-report)**, and  **[Export](#export-report)** buttons are available.

-On the main report page, the  **[Create schedule](#schedule-report)**,  **[Request report](#request-report)**, and  **[Export](#export-report)** buttons are available.

-On the main report page, the  **[Create schedule](#schedule-report)**,  **[Request report](#request-report)**, and  **[Export](#export-report)** buttons are available.

-On the main report page, the  **[Create schedule](#schedule-report)**,  **[Request report](#request-report)**, and  **[Export](#export-report)** buttons are available.

-On the main report page, the  **[Export](#export-report)** button is available.

-On the main report page, the  **[Export](#export-report)** button is available.

-On the main report page, the  **[Create schedule](#schedule-report)** and  **[Export](#export-report)** buttons are available.

-The **Top senders and recipient** report is available in both EOP and Defender for Office 365; however, the reports contain different data. For example, EOP customers can view information about top malware, spam, and phishing (spoofing) recipients, but not information about malware detected by [Safe Attachments](safe-attachments.md) or phishing detected by [impersonation protection](set-up-anti-phishing-policies.md#impersonation-settings-in-anti-phishing-policies-in-microsoft-defender-for-office-365).

-On the main report page, the  **Export** button is available.

-On the main report page, the  **[Export](#export-report)** button is available.

-1. On the main report page, click  **Create schedule**.

-1. On the main report page, click  **Request report**.

-1. On the main report page, click  **Export** (if that link is available).

-If you click on the main report page, an **Export conditions** flyout appears where you can configure the following settings:

-2. Select **Edit**  on the group that you want to allow users to send as.

-3. Select **group delegation**.

-4. In the **Send As** section, select the **+** sign to add the users that you want to send as the Group.

-

- 

-5. Type to search or pick a user from the list. Select **OK** and **Save**.

- 

-

-2. Select **Edit**  on the group that you want to allow users to send as.

-3. Select **group delegation**.

-4. In the Send on Behalf section, select the **+** sign to add the users that you want to send as the Group.

-

- 

-5. Type to search or pick a user from the list. Select **OK** and **Save**.

-

-