Teamviewer Connection Details

Hi,
I am looking for information on Teamviewer / Teamviewer_sevice.exe. We have a User (a Developer), so has admin rights to laptop. The user has installed teamviewer. I believe teamviewer_service is what allows some to be able to remote onto said computer.

From the logs with MS Defender ATP (AzureAD/Office365). I can see both appear in the timeline of actions/events.

What i am interested in is if someone is remoted onto the said computer! We believe the user may somewhere else and using this is look like in the UK!!!!!!
Oh i work within the InfoSec department if you wondering why i am asking this.

Any advice to what to look for would be great.

I have entries like this, with different IP address at the end. would any of this have the source IP from where a remote connection would be coming from?

TeamViewer.exe successfully established connection with 127.0.0.1:49868 TeamViewer_Service.exe successfully established connection with 37.252.254.183:5938

Thanks in advance