Teams Monitoring and Troubleshooting (15 questions)
Go deeper on this topic in Microsoft Teams Monitoring and Troubleshooting Field Guide.
You need to let a group of Tier-1 helpdesk agents view per-user Call Analytics so they can collect basic information and escalate call issues. They must NOT have access to the rest of the Teams admin center, and you want to grant the least privilege necessary. Which Microsoft Entra role should you assign?
Correct answer: B. Teams Communications Support Specialist
The Teams Communications Support Specialist gives limited (Tier-1) per-user call analytics with a restricted view - and no access to the rest of the Teams admin center. That is the least-privilege fit for agents who collect basic information and escalate.
Why the other options are wrong:
- A. The Teams Administrator has full Teams admin center access, far more than required, so it is not least privilege.
- C. The Teams Device Administrator cannot view call analytics at all, so the agents could not perform the task.
- D. The Support Engineer grants full detailed (Tier-2) call data, more than needed for basic collection and escalation.
Memory hook: Basic triage goes to the Specialist; deep dives go to the Engineer. Least privilege picks Specialist.
Microsoft Learn: https://learn.microsoft.com/microsoftteams/set-up-call-analytics#give-permission-to-support-and-helpdesk-staff
A Tier-1 helpdesk agent holding the Teams Communications Support Specialist role is troubleshooting a user's poor call. They can open the user's Meetings & Calls session, but the Advanced and Debug tabs don't show device names, IP addresses, subnet mapping, DNS suffix, or Wi-Fi SSID. Escalation to Tier 2 is needed. Which role provides full visibility of that detailed call data?
Correct answer: D. Teams Communications Support Engineer
The Teams Communications Support Engineer (Tier 2) sees the detailed call-log information hidden from the Specialist - including the Advanced tab (device names, IP address, subnet mapping) and the Debug tab (DNS suffix, SSID). Phone numbers remain obfuscated for every role.
Why the other options are wrong:
- A. The Teams Device Administrator manages Teams devices but has no access to call analytics or call quality data.
- B. The Reports Reader can view usage and CQD reports but not the per-user Advanced/Debug call-analytics detail.
- C. The Teams Telephony Administrator manages voice/phone numbers and can see PSTN usage reports, but it is not the role that unlocks detailed per-user call analytics.
Memory hook: Specialist sees the surface; Engineer sees the depths - Advanced + Debug (IP, subnet, DNS, SSID).
Microsoft Learn: https://learn.microsoft.com/microsoftteams/use-call-analytics-to-troubleshoot-poor-call-quality#what-does-each-teams-support-role-do
Finance asks how many of this month's pooled Calling Plan and audio-conferencing minutes your organization has used and how many remain, broken down by license and country/region. Which Teams admin center report answers this directly?
Correct answer: A. PSTN minute pools report
The PSTN minute pools report gives an overview of audio conferencing and calling activity for the current month, showing total minutes available, minutes used, and minutes remaining, broken down by the license (capability) used and by location.
Why the other options are wrong:
- B. The PSTN blocked users report lists blocked users and reasons; it says nothing about minute pools.
- C. The Teams user activity report covers per-user messaging and meeting activity, not PSTN minute pools.
- D. The PSTN usage report provides per-call detail records (time, number, duration, charge), not the pooled minute balance.
Memory hook: Minutes remaining this month: PSTN minute POOLS (a pool is a balance).
Microsoft Learn: https://learn.microsoft.com/microsoftteams/teams-analytics-and-reports/pstn-minute-pools-report
In the Teams user activity report, your analysts see hashed values instead of real display names, group names, and email addresses. Leadership wants the actual names shown so they can follow up with low-adoption users. What must be done, and who can do it?
Correct answer: B. A Global Administrator turns on (selects) 'Display concealed user, group, and site names in all reports' in the Microsoft 365 admin center (Settings, then Org Settings, then Services, then Reports); the change applies to both Microsoft 365 and Teams admin center reports.
Name concealment is a tenant-wide reports privacy setting (MD5 hashing, on by default since September 1, 2021) that only a Global Administrator can change, in the Microsoft 365 admin center under Settings, then Org Settings, then Services, then Reports. Because the checkbox is labeled 'Display concealed user, group, and site names in all reports,' you must select/turn ON the setting to reveal real names (clearing it re-conceals them). This single tenant-wide setting governs both the Microsoft 365 usage reports and the Teams admin center usage reports (and Microsoft Graph/Power BI).
Why the other options are wrong:
- A. The hashing is the Microsoft 365 reports privacy setting, not a CQD EUII control, and it is unrelated to the Teams Communications Support Engineer role.
- C. Exporting to CSV does not resolve the MD5 hashes. While the setting is on, the export is de-identified exactly like the on-screen report, and a Reports Reader cannot change the privacy setting.
- D. There is no separate anonymization toggle in the Teams admin center, and a Teams Administrator cannot change it. Concealment is a Microsoft 365 admin center tenant-wide reports setting that requires Global Administrator and applies to both M365 and Teams reports.
Memory hook: The checkbox is named for what you WANT to see: 'Display concealed names' - turn it ON to reveal, and only a Global Admin holds that key.
Microsoft Learn: https://learn.microsoft.com/microsoft-365/admin/activity-reports/activity-reports#show-user-group-or-site-details-in-usage-reports
A user reports choppy audio on a PSTN call and separately on a 1:1 Teams call. You open the user's profile in the Teams admin center and try to use Real-Time Analytics (real-time telemetry) to watch the media metrics live, but no real-time data is available for those calls. Why?
Correct answer: A. Real-time telemetry is only available for scheduled meetings and Meet Now; it isn't available for PSTN calls, 1:1 calls, or group calls.
Real-Time Analytics is limited to scheduled meetings and Meet Now. PSTN calls, 1:1 calls, and group calls are explicitly unsupported, so no live telemetry is shown for them regardless of role, age, or network.
Why the other options are wrong:
- B. Managed vs unmanaged subnet affects CQD Inside/Outside classification, not whether real-time telemetry exists for a given call type.
- C. Retention is not the issue here; these call TYPES are unsupported for real-time telemetry regardless of age.
- D. The support roles govern which admin or agent can VIEW telemetry, not whether telemetry is collected on a user's calls.
Memory hook: Real-Time Analytics = meetings only (scheduled + Meet Now). No PSTN, no 1:1, no group calls.
Microsoft Learn: https://learn.microsoft.com/microsoftteams/use-real-time-telemetry-to-troubleshoot-poor-meeting-quality
During a 12-participant Teams conference, one participant reported choppy incoming audio. A support engineer analyzing the session in the Call Quality Dashboard wants to determine whether the degradation occurred on that participant's outbound leg to the conference server or on the inbound leg from the server to the participant. Which type of CQD data supports this determination, and why?
Correct answer: C. Stream-based measurements, because each stream represents one direction between two endpoints, so quality metrics can be attributed to a specific leg.
Microsoft's quality of experience guidance explains why stream-level analysis is preferred over call-level analysis for root cause work: streams identify which particular leg of the call was poor - outgoing or incoming. A stream flows in exactly one direction between two endpoints, so jitter, packet loss, and round-trip metrics on a stream tell you the direction and the endpoint involved. Call data gives usage metrics but does not necessarily lead to the root cause of poor quality: when any stream in a call is poor, the whole call is flagged poor, hiding which side or leg degraded. For a conference, stream direction reveals whether the participant's uplink or downlink was the problem, which drives completely different remediation.
Why the other options are wrong:
- A. Total Call Count is a volume measure (and one that relies on a distinct-count operation with a documented error factor). It counts calls; it carries no directional quality information.
- B. Call-level aggregation is exactly what hides the answer: a poor call flag does not reveal whether the sending or receiving leg degraded, or which participant's leg was responsible.
- D. The user activity report is an adoption/usage report showing counts and durations (meetings attended, audio time). It contains no network quality metrics such as packet loss or jitter and cannot attribute degradation to a stream direction.
Memory hook: Streams have direction; calls don't. Root-cause hunting = streams.
Microsoft Learn: https://learn.microsoft.com/microsoftteams/quality-of-experience-review-guide#what-is-quality
You use your own session border controller (SBC) with Direct Routing. Calls are intermittently failing and you want per-call diagnostics - SBC FQDN, final SIP response code, Microsoft subcode, and a correlation ID - to investigate signaling between your SBC and Microsoft's SIP Proxy. Where in the Teams admin center do you find this?
Correct answer: C. The Direct Routing tab of the PSTN usage report (Analytics & reports, then Usage reports)
The Direct Routing tab of the PSTN usage report is built for diagnosing signaling between your SBC and Microsoft's SIP Proxy. It surfaces the SIP call flow: start/invite/failure/end times, SBC FQDN, Azure region, final SIP code, final Microsoft subcode, final SIP phrase, and correlation ID.
Why the other options are wrong:
- A. The Calling Plans tab covers Microsoft-carried calls (Calling Plans and Operator Connect) with minutes, cost, and numbers, not SBC/SIP diagnostics.
- B. The PSTN minute pools report shows licensed-minute consumption for the month, not per-call SIP diagnostics.
- D. The PSTN blocked users report lists users blocked from PSTN and the reason; it carries no SIP/SBC call detail.
Memory hook: SBC + SIP codes + correlation ID points to the Direct Routing tab of the PSTN usage report.
Microsoft Learn: https://learn.microsoft.com/microsoftteams/teams-analytics-and-reports/pstn-usage-report
You need a per-user breakdown showing how many 1:1 calls each user participated in, how many meetings they organized versus participated in, and their last activity date. Which Teams admin center report provides this?
Correct answer: C. The Teams user activity report.
The Teams user activity report gives per-user metrics: channel and private chat messages, 1:1 calls participated in, meetings organized versus participated in, audio/video/screen-share time, and each user's last activity date.
Why the other options are wrong:
- A. The Teams usage report is team-scoped (active users, active channels, messages, guests), not per-user call/meeting counts.
- B. The PSTN minute pools report shows calling-plan minutes consumed by license and region, not per-user activity.
- D. The device usage report breaks activity down by platform (Windows, Mac, iOS, Android), not per-user calls and meetings.
Memory hook: Per-USER calls and meetings = USER activity report; per-team totals = usage report.
Microsoft Learn: https://learn.microsoft.com/microsoftteams/teams-analytics-and-reports/user-activity-report
A user reports that Teams is displaying stale data and behaving unexpectedly on their Windows computer running new Teams (not classic Teams). The Teams administrator wants to clear the cache without resetting app personalization settings if possible. Which path should the administrator use to delete the cache files for new Teams on Windows?
Correct answer: C. %userprofile%\appdata\local\Packages\MSTeams_8wekyb3d8bbwe\LocalCache\Microsoft\MSTeams
For new Teams on Windows, the cache files are located at %userprofile%\appdata\local\Packages\MSTeams_8wekyb3d8bbwe\LocalCache\Microsoft\MSTeams. Deleting files in this directory clears the cache without using the app Reset option (which also deletes personalization settings). The path %appdata%\Microsoft\Teams is the classic Teams cache location, not the new Teams cache location.
Why the other options are wrong:
- A. C:\ProgramData\Microsoft\Teams is not a documented Teams cache location. Teams user cache is stored in the user profile directory, not in ProgramData.
- B. C:\Program Files\Microsoft\Teams is not the correct cache location. Program Files contains application binaries, not user cache data.
- D. The path %appdata%\Microsoft\Teams is the cache location for the classic (old) Teams client on Windows, not for the new Teams client. Using this path on a new Teams installation would not clear the correct cache.
Memory hook: New Teams cache = MSTeams_8wekyb3d8bbwe in LocalCache. Classic Teams cache = %appdata%\Microsoft\Teams. Know which client you are clearing.
Microsoft Learn: https://learn.microsoft.com/troubleshoot/microsoftteams/teams-administration/clear-teams-cache
A developer needs to programmatically pull raw per-call and per-stream quality records (jitter, packet loss, endpoint IPs) into a custom data pipeline, scripted through the Microsoft Graph PowerShell SDK rather than the CQD portal UI. Which data source is designed for this?
Correct answer: B. The Microsoft Graph callRecords API (call records / CDR), which exposes raw call-quality records for programmatic access.
The Microsoft Graph callRecords API is the documented programmatic path to raw call-quality data and can be scripted through the Graph PowerShell SDK or REST. Microsoft notes that callRecords may not contain every CQD field and that naming conventions can differ between the two.
Why the other options are wrong:
- A. Get-CsUserCallingSettings returns call forwarding, delegation, and group-call-pickup settings - not QoE media metrics.
- C. Get-CsCallQueue Statistics reports current queue size (a line being retired in 2026), not per-stream jitter or packet loss.
- D. The Power BI Connector powers Power BI templates; it is not a PowerShell/scripting extraction interface, and it is not the only option.
Memory hook: Raw call records in code = Graph callRecords API, not a Cs* cmdlet.
Microsoft Learn: https://learn.microsoft.com/microsoftteams/cqd-data-and-reports
A department manager requests an export of the Teams user activity report. When the Teams administrator downloads the report from the Teams admin center, the display name and email columns contain 32-character hexadecimal strings instead of user names. What must be done so the report shows actual user names?
Correct answer: C. A Global Administrator must turn off the 'Display concealed user, group, and site names in all reports' setting in the Microsoft 365 admin center under Settings, then Org settings, then Services, then Reports.
Since September 1, 2021, Microsoft conceals identifiable information in usage reports by default, replacing display names, group names, emails, and Microsoft Entra IDs with MD5 hashes to help organizations support local privacy laws. Only a Global Administrator can change this: in the Microsoft 365 admin center, go to Settings, then Org Settings, then the Services tab, then Reports, and change the 'Display concealed user, group, and site names in all reports' setting. The setting applies simultaneously to usage reports in the Microsoft 365 admin center, the Teams admin center, Microsoft Graph, and Power BI. Because it is an org-wide privacy control, changing it should go through change control, and some organizations must legally keep it enabled.
Why the other options are wrong:
- A. There is no independent identifiable-reporting toggle in the Teams admin center. The single setting in the Microsoft 365 admin center governs both portals' usage reports, plus Graph and Power BI outputs.
- B. Report anonymization is a tenant-level setting, not a role-based view restriction. Reports Reader is one of the roles that can access usage reports, but no role assignment reveals concealed names while the org setting is enabled.
- D. The 28-day purge applies to EUII fields in Call Quality Dashboard records, not to usage reports. Usage report anonymization is a reversible display setting; once a Global Administrator disables it, reports show actual names again.
Memory hook: Hex strings in reports = concealed-names setting (default ON since Sept 2021). Fix: Global Admin in the M365 admin center, Org settings, then Services, then Reports.
Microsoft Learn: https://learn.microsoft.com/microsoftteams/teams-analytics-and-reports/teams-reporting-reference
In the Teams admin center meeting troubleshooting view, a completed meeting shows an issue for one participant categorized under the 'Media' root cause area. How should the administrator interpret this classification?
Correct answer: A. There is high confidence that the user experienced noticeably degraded media quality, without the issue being attributed to the network, compute, or device categories.
The meeting troubleshooting experience categorizes each detected issue into one of four root cause areas: Network (poor network conditions), Compute (lack of processing/memory resources on the user's device), Device (microphone, speaker/headphones, or camera), and Media, which Microsoft defines as 'high confidence that the user experienced noticeably degraded media quality.' Media is the classification the intelligent media quality classifiers assign when they are confident the experience was degraded but the telemetry does not pin the cause to one of the other three areas. Operationally, a Media classification is the signal to export the session telemetry for deeper analysis or escalate to Tier 2, since the system has confirmed a real degradation without isolating a single subsystem.
Why the other options are wrong:
- B. Insufficient processing or memory resources on the endpoint map to the 'Compute' root cause area. Media does not indicate a resource constraint; it indicates confirmed perceptible degradation without a single attributed cause.
- C. Network conditions have their own root cause area named 'Network.' If the classifiers had attributed the degradation to the network path, the issue would have been categorized there, not under Media.
- D. Peripheral problems - microphone, speaker/headphones, or camera - map to the 'Device' root cause area, which is distinct from Media.
Memory hook: Media = 'we're sure it was bad, not sure why.' Network/Compute/Device name the culprit; Media names the experience.
Microsoft Learn: https://learn.microsoft.com/microsoftteams/monitor-troubleshoot-teams-meetings-calls#investigate-a-meeting
Using the Teams admin center's Notifications & alerts framework, you want to be notified whenever a specific set of executives experiences audio problems (packet loss, jitter, high round-trip time) during in-progress meetings, with alerts posted to a Teams channel. Which prerequisite must those monitored executives meet for the rule to work?
Correct answer: C. Each monitored attendee must have a Teams Premium or Teams Rooms Pro license.
The in-progress meeting audio (and video/screen-sharing) quality alert rules only monitor attendees who hold a Teams Premium or Teams Rooms Pro license. A Teams service admin configures the rule under Notifications & alerts, then Rules, and alerts can be delivered to a Teams channel or a webhook.
Why the other options are wrong:
- A. Managed-subnet upload affects CQD Inside/Outside reporting and optional subnet scoping of alerts, but it is not the prerequisite that makes a user eligible for monitoring.
- B. The support roles determine which admins/agents can troubleshoot; they are not a licensing prerequisite on the monitored users.
- D. CQD activation is a tenant-wide enablement, not an account-level toggle, and it is not what enables in-progress meeting alerting for a user.
Memory hook: In-progress meeting quality alerts watch only Premium / Teams Rooms Pro users.
Microsoft Learn: https://learn.microsoft.com/microsoftteams/alerts/teams-admin-alerts
You upload a building data file in the Teams admin center under Analytics & reports, then Building and endpoint data, mapping your corporate subnets so Call Quality Dashboard (CQD) can distinguish internal (managed) networks. Two days later a colleague reports that calls they made LAST WEEK still show their subnet as unmapped and their location as Outside in CQD. What is the most likely reason?
Correct answer: C. Building and endpoint data is applied only to calls that occur after the file's specified start date; it is not applied retroactively to earlier calls.
When you upload a building/endpoint file you set a start date, and the data is joined only to call records generated after that date. It is never applied retroactively, so calls made before the upload's effective start (like last week's) stay unmapped and continue to report as Outside.
Why the other options are wrong:
- A. The building data file must NOT contain a header row; its first line is expected to be real data. A missing header is normal, not a rejection cause.
- B. Processing takes up to ~4 hours, and two days have already passed. Processing also never back-fills calls that predate the file's start date.
- D. Activating CQD is a one-time tenant enablement, and it would never retroactively re-map old calls, so it can't explain a week-old subnet staying unmapped.
Memory hook: Building data is forward-only: it maps tomorrow's calls, never yesterday's.
Microsoft Learn: https://learn.microsoft.com/microsoftteams/cqd-upload-tenant-building-data
After uploading a building data file, a Teams administrator opens the Missing Subnet Report on the Quality of Experience Reports page in CQD to find managed subnets that were missed. The report returns hundreds of unfamiliar subnets that do not belong to the organization's address space. The organization regularly meets with federated partner organizations. What should the administrator do to make the report actionable?
Correct answer: C. Add a query filter on the Second Tenant ID dimension set to the organization's own tenant ID, because the report otherwise shows federated subnets.
Microsoft Learn's building data guidance is explicit: to filter the Missing Subnet Report to view only your organization's tenant data, you need to add your tenant ID as a query filter for Second Tenant ID; otherwise, the report shows federated subnets. The report presents all subnets with 10 or more audio streams that are not defined in the building data file, and in an environment with heavy federation, partner-tenant subnets flood the list and make it look far worse than it is. Filtering on your own tenant ID narrows results to your unmatched subnets, which are the only ones you can actually add to your building file. Microsoft also recommends adjusting the Month Year filter to the current month.
Why the other options are wrong:
- A. The VPN column triggers full subnet expansion, which degrades query performance and can push the file past the expanded row limit. It flags VPN subnets; it has nothing to do with federated noise in the Missing Subnet Report.
- B. The 10-audio-stream minimum is a deliberate noise filter in the report design. The problem described is too many irrelevant subnets, not too few - lowering the threshold would make the noise worse, and it is not what the documentation prescribes.
- D. Common home subnets are already excluded from the Missing Subnet Report by design. The unfamiliar subnets in this scenario come from federated partner tenants, which the Second Tenant ID filter removes.
Memory hook: Missing Subnet Report shows everyone's subnets by default - filter Second Tenant ID = YOUR tenant, or you're chasing partners' networks.
Microsoft Learn: https://learn.microsoft.com/microsoftteams/cqd-upload-tenant-building-data#locate-missing-subnets