Does MS Teams write to Event log?
I'd like to trigger a script action upon MS Teams client launch. My first guess was to hook it on an event in the Event log.
However, I was unable to find if the app actually writes to the Windows Event log. Nothing found in my Event Viewer nor MS Teams dev guide. Google is of no help... There also might be other ways of approaching this. Any hints would be very appreciated.
Thank you!
Solution 1:
I very much doubt that Teams is generating a specific event log event when it's launching, but you can detect any process, including Microsoft Teams, by looking at event id 4688 (process tracking needs to be audited however) and filtering on the process name and path.
On my system, the event looks similar to the below:
    A new process has been created.

    Creator Subject:
        Security ID: DOMAIN\lucky.luke
        Account Name: lucky.luke
        Account Domain: DOMAIN
        Logon ID: 0xDBA77

    Target Subject:
        Security ID: NULL SID
        Account Name: -
        Account Domain: -
        Logon ID: 0x0

    Process Information:
        New Process ID: 0x730c
        New Process Name: C:\Users\lucky.luke\AppData\Local\Microsoft\Teams\current\Teams.exe
        Token Elevation Type: TokenElevationTypeLimited (3)
        Mandatory Label: Mandatory Label\Medium Mandatory Level
        Creator Process ID: 0x725c
        Creator Process Name: C:\Users\lucky.luke\AppData\Local\Microsoft\Teams\current\Teams.exe
Keep in mind that it creates 4 instances for me, so whatever trigger you create would need to take that into consideration and only trigger on the first one.
There is software out there that can utilize thresholds and such that will accomplish that if necessary (e.g. EventSentry Light).
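
Added example, not part of the original answer: a PowerShell sketch that filters event 4688 for Teams.exe and treats only an event whose creator process is not itself Teams.exe as a launch, which is one way to react once instead of once per instance. The function names Test-TeamsLaunch, Get-TeamsLaunch and New-SampleEvent are hypothetical, the sample events are constructed, and it assumes the event carries the ParentProcessName field (shown as "Creator Process Name" above) and that child instances are always created by another Teams.exe.

```powershell
# Added example. Assumption: child Teams.exe instances are created by another
# Teams.exe (as in the event above), so the first instance of a launch is the
# one whose creator process is NOT Teams.exe.
function Test-TeamsLaunch {
    param([Parameter(Mandatory)][xml]$EventXml)

    # Read the EventData fields by name rather than by position.
    $data = @{}
    foreach ($d in $EventXml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }

    $isTeams       = $data['NewProcessName']    -like '*\Microsoft\Teams\current\Teams.exe'
    $parentIsTeams = $data['ParentProcessName'] -like '*\Teams.exe'
    return ($isTeams -and -not $parentIsTeams)
}

# Live use: needs an elevated prompt and process-creation auditing enabled,
# otherwise no 4688 events are written to the Security log.
function Get-TeamsLaunch {
    param([int]$LastMinutes = 5)

    $filter = @{
        LogName   = 'Security'
        Id        = 4688
        StartTime = (Get-Date).AddMinutes(-$LastMinutes)
    }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        Where-Object { Test-TeamsLaunch $_.ToXml() }
}

# Constructed sample events, trimmed to the two fields the check uses.
$ns    = 'http://schemas.microsoft.com/win/2004/08/events/event'
$teams = 'C:\Users\lucky.luke\AppData\Local\Microsoft\Teams\current\Teams.exe'

function New-SampleEvent($NewProcess, $ParentProcess) {
    "<Event xmlns='$ns'><EventData>" +
    "<Data Name='NewProcessName'>$NewProcess</Data>" +
    "<Data Name='ParentProcessName'>$ParentProcess</Data>" +
    "</EventData></Event>"
}

# Teams started from the shell: the first instance of a launch.
Test-TeamsLaunch (New-SampleEvent $teams 'C:\Windows\explorer.exe')
# Teams started by Teams: one of the additional child instances.
Test-TeamsLaunch (New-SampleEvent $teams $teams)
```

Matching on the full per-user install path rather than the bare file name keeps an unrelated binary named Teams.exe elsewhere on disk from firing the trigger.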