The Workplace Spyware You Didn't Know You Had

Your boss doesn't need to install spyware on your laptop. They've already

paid for it.

And it came bundled with Microsoft 365 license. And there's a decent chance

license. And there's a decent chance that nobody in your company has ever told you that it's actually switched on.

So, in this video, I'm going to walk you through the specific Microsoft 365 features that your employer is almost certainly using to monitor how you work, when you work, whether you're actually

doing what you say you're doing. And I'm

going to show you exactly what's visible, what's hidden, and if you manage a team, where the line is between useful data and surveillance creep.

Because in this day and age, when we have this hybrid working policy, this kind of information I think is really important. Now, here's why. Picture

important. Now, here's why. Picture

this. It's a Tuesday. You've had what you think is a solid morning. You've

knocked out a few emails. You've sat

through a few Teams calls. You've moved

a couple of things forward. You close

your laptop at 5:15 in the evening or in the afternoon. You feel reasonably good

the afternoon. You feel reasonably good that you've had a good, productive day.

You feel happy with yourself.

Meanwhile, somewhere else in the business, maybe your line manager, maybe someone in IT, maybe HR, they open up a dashboard. One dashboard. And on

that dashboard is a neat little breakdown of your entire working day.

How many Teams messages you sent, which meetings you attended, and for how long you attended them, whether your camera was on, whether you were an active participant within that meeting or just a warm body sat within the meeting room

waiting room.

How many files you've edited in SharePoint, whether you've been collaborative or whether you've been going dark for 2-hour stretches. They

didn't ask IT for any of this special report, by the way. They don't need to.

They just opened a tab, clicked on the dashboard.

That's what they do. And this isn't hypothetical. This is Microsoft 365, and

hypothetical. This is Microsoft 365, and most of what I'm about to show you comes completely as standard when you get the business license that your company has already paid for.

Now, here's what's in that toolkit, and I'll share it with you. Feature number one of the toolkit is called the Microsoft 365 Productivity Score. This one is the one

Productivity Score. This one is the one that caused the most controversy a little while ago. Microsoft launched it, and for good reason it caused the controversy, right? The Productivity

controversy, right? The Productivity Score is a built-in admin dashboard that gives your IT and senior leadership team a detailed breakdown of how employees are using Microsoft 365.

We're talking at email activity level, Outlook, collaboration in SharePoint, OneDrive, Teams participations, whether you're using a mobile app or the desktop app. When it launched, it showed

app. When it launched, it showed individual level data. Your name, your activity, your scores. Remember it went mental last year. Microsoft got nailed for it. Privacy advocates said it was a

for it. Privacy advocates said it was a surveillance tool dressed up as a productivity feature. Microsoft

productivity feature. Microsoft responded by rolling up the individual data into anonymized data data-wide company stats. But, this is the bit most

company stats. But, this is the bit most people miss. Enterprise admins can still

people miss. Enterprise admins can still pull up individual level data to other reporting tools inside the Microsoft ecosystem. The name came off the

ecosystem. The name came off the leaderboard, but the data itself is still there.

Feature number two, Teams activity reports. This one lives in the Teams

reports. This one lives in the Teams admin center, and it's commonly the most Well, it's probably the most commonly used monitoring tool in any of the Microsoft shop itself. Your IT and admin

or your IT admin or your manager, they can pull a report showing for any given user, any given time period, how many chat messages you've sent, how many calls you've made, how many meetings you've joined, whether the audio or the

video was on, how long the meetings lasted, and how long they were actually present for. For a manager with a team

present for. For a manager with a team manager Remember that? Concerned about

potentially or building a performance case against somebody, this is actually really useful ammunition to have.

Somebody Somebody's been in three meetings this week, but their camera's been off. They've sent zero messages.

been off. They've sent zero messages.

They leave early every time. That's all

in the report. There's also something called the Call Quality Dashboard within that, which logs the technical quality of every single Teams call, the audio dropouts, the network jitter, the latency, even what your microphone

you're using, and how much of the battery you've had. Most of it is diagnostic surveillance. It's there to

diagnostic surveillance. It's there to help the IT teams fix problems, but it's all logged. All of it.

all logged. All of it.

Feature number three, Viva Insights.

Microsoft sells this as one of the well-being tool, and honestly, the personal version genuinely is well-being. It nudges you to take

well-being. It nudges you to take breaks, block focus time, not answer any emails at 11:00 p.m. But the manager and the leader dashboards in Viva Insights, they can tell a completely different

story. Those views aggregate data from

story. Those views aggregate data from across Microsoft 365, your emails, your meetings, your chats, calendar, and service patterns about all of your team. Who's working

outside contracted hours? Who's

back-to-back meetings all day? Who isn't

connecting with the wider organization?

Who's collaborating with who?

Technically, it's anonymized at the individual level, but if you're a team of four people and the data says one person is sending emails at midnight every night, well, guess what? You don't

need to be a detective to work out who that is.

Feature number four is called the Compliance Center and eDiscovery. This

one's the nuclear option, and it doesn't get used that often, but when it does, it's comprehensive. The Microsoft

it's comprehensive. The Microsoft Purview Compliance Center gives organizations the ability to run content searches right the way across the entire Microsoft 365 ecosystem. That means

emails, Teams messages, SharePoint files, OneDrive documents, calendar entries, everything. Nuclear, like I

entries, everything. Nuclear, like I say. An admin can go into the Compliance

say. An admin can go into the Compliance Center and run a query. Say, every

message containing a specific word sent by a specific person over a specific date range. And within a few minutes,

date range. And within a few minutes, they've got a full report, PST file, every message, every attachment, every version. Under normal circumstances,

version. Under normal circumstances, your manager can't read your private team Teams messages, but if there's a legal dispute, an HR investigation, a regulatory inquiry, eDiscovery gets triggered, and everything becomes

searchable. Every message, including the

searchable. Every message, including the ones you've deleted, because the deletion in Microsoft 365 doesn't mean it's gone. It just means it's been moved

it's gone. It just means it's been moved to a retention archive, where it sits within the retention policy and then expires at some point. The practical

takeaway here is simple. If you're

typing something on something on a company device or a company platform, and you wouldn't want a lawyer reading it in the courtroom, guess what? It's

not rocket science. Don't type it.

Simple. Feature number five then, OneDrive and SharePoint version history.

Every single document you open, every edit you make, every file you share, even if you move it or you delete it, all of it is logged within SharePoint and OneDrive with timestamps and user

usage. It's as simple as that. An IT

usage. It's as simple as that. An IT

admin can access any employee's OneDrive files directly without the employee even knowing about it. They can browse folders. They can open documents. They

folders. They can open documents. They

can review the edit history. The most

common reason to do this is offboarding.

When somebody leaves, the company needs access to their files, but the capability exists all of the time, not just at the exit point.

For document version history specifically, every time you save a file, a new version is created. If you

worked on something for an hour and then deleted everything you wrote, the previous version still exists in the in the history. That's genuinely useful.

the history. That's genuinely useful.

How many times have you gone through a document, spent an hour, and then lost it? Nightmare.

it? Nightmare.

But it's only useful if something doesn't get Well, if it gets corrupted, it is useful, but it also means there's a complete audit trail of everything you've done inside that shared document.

Feature six, Microsoft Copilot. This is

the newest layer, and honestly, the most significant shift in how monitoring works. Copilot is Microsoft's AI

works. Copilot is Microsoft's AI assistant, and it's deeply integrated within Microsoft 365. For individual

users, it's a productivity tool.

Summarize this email. Draft this

response. Find this file. All really

good, useful stuff. But for managers and leaders, Copilot opens up something new.

A manager can now open Copilot and ask, "What has Scott been working on this week?

What are the latest conversations you've had? Is there anything in our shared

had? Is there anything in our shared channels I should be aware of before our one-to-one?" And Copilot will answer all

one-to-one?" And Copilot will answer all of that. It pulls from the public Teams

of that. It pulls from the public Teams channels, shared files, emails, anything the manager has legitimate access to, and you can get that back, right? It's a

readable summary. There's no digging through reports, no building queries, just a question typed in plain English, and an answer. That changes the game for managers. Previously, accessing all of

managers. Previously, accessing all of this information required someone to know where to look, how to look, and how to pull the reports. Now, it's as easy as having a Copilot conversation, which

means the barrier to monitoring has just dropped to near zero.

Feature seven then is Microsoft Defender for Endpoint. This one tends to live a

for Endpoint. This one tends to live a little bit in larger enterprises, regulated industries, but it's worth knowing about, right? Defender for

Endpoint is a security tool that monitors managed devices across the organization. It tracks application

organization. It tracks application usage, web activity on company devices, login times, and it flags unusual behavior. Your IT security teams uses it

behavior. Your IT security teams uses it primarily to detect threats and compromised accounts, but the data it collects is comprehensive. If you're a company-managed If you're on a company-managed laptop and you think the

websites you're using during the day are private, guess what? They're not,

because the logs exist. So, be careful what kind of websites you want to have a little look at, because your IT team can see it.

So, that's the toolkit, seven of them.

Now, here's why this actually matters.

If you're an employee, the practical advice is pretty straightforward. First,

find out what your company's monitoring policy is. What does it actually say?

policy is. What does it actually say?

Under GDPR, organizations in the UK are legally required to tell employees what data they've collected and why. It

should be in your employee handbook or in your contract. If it's not there, go and request it, take a look at it.

Second thing, keep your personal stuff on personal devices. Don't log into your personal phone on on your Teams chat on your personal phone unless you absolutely have to. And if you do,

understand that in a legal situation, personal devices can be which have been used for company work can be used in legal situation. That's not technical,

legal situation. That's not technical, that's actually happened.

Third, don't spend energy trying to game the metrics if you're an employee. The

vast majority of managers don't sit there reviewing Teams activity and reports every week. The realistic risk isn't in the day-to-day surveillance of people watching, it's in data being pulled from some something that's

already happened and somebody that's under scrutiny. If your work output is

under scrutiny. If your work output is solid, your behavior professional, then the dashboard doesn't really need to be your problem.

If you manage people or make technology decisions, here's the harder conversation. Just because you can use

conversation. Just because you can use all of this data doesn't mean you should. The temptation, especially with

should. The temptation, especially with remote teams, is to use activity metrics as a proxy for performance. Message

count, meeting attendance, time online, it's all there, it's all measurable. So,

it must mean something. It doesn't, not directly. Someone sending 200 team

directly. Someone sending 200 team messages a day and delivering nothing useful is still just delivering nothing useful. Someone who sends 10 messages a

useful. Someone who sends 10 messages a day but hits every single deadline and every single budget isn't a problem just because their activity score looks quiet. So, use this data as a diagnostic

quiet. So, use this data as a diagnostic tool to spot somebody who's struggling maybe or so troubleshoot some technical problems that people are having to build a documented performance case when one

is genuinely warranted and not because you need because you want to. Don't use

it as a scoreboard. And if your organization is relying on Microsoft 365 surveillance data to understand where people whether people are performing, then you've got a management problem.

You haven't got a dashboard that you need to fix. That's a management issue.

Hopefully, that's given you a bit of insight. I mean, all of this setup is

insight. I mean, all of this setup is great when it's used properly and with the right morals. And having the right technology in place within your meeting room is great. What happens at 9:58 a.m.

when you have a meeting a meeting planned for 10:00 a.m. and you realize the camera's broken? Seriously, think

about it. What happens?

We use our Sport Track platform to remotely monitor and manage all of our clients' devices so that we can see long before that 10:00 a.m. 10:00 a.m.

meeting that the camera is offline and we can do something about it. So, if you want some information on that, check the Sport Track link down below and go and see what we've got to share on that.

Great.

Now, you know you know what can be monitored.

Don't be scared by it, but I'm just giving you the heads-up that can all be monitored. But knowing that information

monitored. But knowing that information is one thing. How do you know actually how to set up the perfect workstation when you have a hybrid or working from home policy? That's why I created this

home policy? That's why I created this video here, which shows you how to create the perfect home setup for guess what? Under $500. Go check it out.

what? Under $500. Go check it out.

[music] [music]