...
By default it will write the activity that was blocked, Every record will include the From field value to be the user that has performed the operation and the activity type (for example File sharing, Desktop sharing etc)
Which activities are registered in the auditing ?
Auditing all activities
In order to audit all activities, go to settings> Auditing and enable “Monitor all communication traffic”
Now, while working the proxy, all activities will be monitored with the following flow:
P2P
Desktop sharing , Audio and Video in P2P will create a record for each activity done
Conference (meeting & group chat )
Meeting can include both managed (Always internal) users and non managed users (external or internal)
...
The system will not write additional reports of M3 as well as additional reports of M1 and M2 telling about M3 joining as they are already covered by pervious records.
When allow is reported, we only have one record per joined user.
user@nonmanaged.teams & Anonymous@anonymous.team
If meeting has only users that are non managed, and a managed anonymous user is joining, the proxy gets notification on the anonymous user joining and not information on other users.
...
The policy that will be returned is build in policy “Block Anonymous join” (only if anonymous is not allowed as set in the EW settings:
...
Chat and files transfer
Theses operations will not be written by proxy as they are covered by CASB API
Auditing of Governance events by TP Filter
Done directly by the filter to the DB
...