What can my boss know about my activity ?

[Pikop]

Hi, 

Recently I was having a conversation on Teams with an IT admin at my company. I was abroad to visit a client for a bit and she told me "I was looking at the logs and notices you came back on tuesday".

 

This got me thinking : what are "The Logs" and what information does my company have on me about my online activities?

 

Im in France and we are using Windows machines without any visible monitoring software installed. My chrome browser is "managed by my organisation" but I use Brave for my daily activities.

 

If there are any IT admin, employer or employees here who can tell me I'm intrested. If you have testimonies about being spied on at work Im intrested.

 

Tell us where you live for context.

[Skiiwee29]

Moved to Off Topic. 

 

Do you use a VPN to connect? If so, they can track the IP addresses from where you login from this way. 

[tkitch]

nowhere near enough info to say for sure.

 

Do you have VPN to connect to your office?

Are you using something else to connect?

 

There are any number of ways to see where you're at, and things you've done.

[saintlouisbagels]

1 hour ago, Caroline said:

I'm the one spying. Not like I want to but all of the machines log activity so I'll know if there's an employee trying to look at furry smurfs porn at work. I know of companies using keyloggers (this might be illegal in the EU) that report daily to the management server but the one I work for does not.

 

By managing the OS and browser the admin can read stuff like times you've logged in, hours the computer has been active, the websites you browse, the software installed, files downloaded, etc. Despite common belief, installing a different browser will not make your activity private if the machine is controlled by the company.

We have Controlio deployed and it basically monitors everything employees do on the computer. All user accounts have limited permissions, BIOS setup is locked and initial USB support disabled, so you can't access the setup with the standard USB keyboards, you (that would be me) have to use a PS/2 to perform any changes or access things like Safe Mode. I can log into the webadmin interface and see in real time what every terminal is doing, and even start a remote session to get live view of the desktop and take screenshots and video, chances are your company can do that as well, at least if they have a decent IT like me /s

 

Login is done with cards, from my POV that's a big pain in the A... because if the card or reader is dirty the terminal locks, it's an old system so the readers do fail from time to time.

My company issues us work laptops and it has its own software management thing installed. I'm assuming IT or whoever can see everything on it. And the way we connect to the company internet is by connecting to the work SSID with the same login credentials as our (Windows) laptops.

 

But also, we can use any personal devices we want via the same credentials. Due to this, I do 99% of my work on my personal MacBook Pro and obviously I'm on Facebook/Instragram/Twitter a lot on my personal cell phone.

How much can IT see on these personal devices? I've been using my personal devices for 2+ years and I have not been issued warnings or anything. My direct bosses (I've switched departments 2 times) have all been aware of my personal device usage too. *shrug*

 

If it matters, my building is a very small branch of our parent company, so I'm wondering if we're too small of a location for IT to even care about anyone's activities.

[DoctorNick]

4 hours ago, Pikop said:

Hi, 

Recently I was having a conversation on Teams with an IT admin at my company. I was abroad to visit a client for a bit and she told me "I was looking at the logs and notices you came back on tuesday".

 

This got me thinking : what are "The Logs" and what information does my company have on me about my online activities?

 

Im in France and we are using Windows machines without any visible monitoring software installed. My chrome browser is "managed by my organisation" but I use Brave for my daily activities.

 

If there are any IT admin, employer or employees here who can tell me I'm intrested. If you have testimonies about being spied on at work Im intrested.

 

Tell us where you live for context.

Do you use Office 365 for your calendar? Then that's a way, you can share calendars in office 365 for business. Also your PC is managed and you might be able to tell from the IP-address logged, that you wasn't at home/office. If chrome is managed by your company, then thats the same, with IP and so on. Maybe Chrome is reporting actual location, instead of just IP. I wouldn't know, because I haven't tried Chrome enterprise or what it's called.

[Pikop]

5 hours ago, Caroline said:

I'm the one spying. Not like I want to but all of the machines log activity so I'll know if there's an employee trying to look at furry smurfs porn at work. I know of companies using keyloggers (this might be illegal in the EU) that report daily to the management server but the one I work for does not.

 

By managing the OS and browser the admin can read stuff like times you've logged in, hours the computer has been active, the websites you browse, the software installed, files downloaded, etc. Despite common belief, installing a different browser will not make your activity private if the machine is controlled by the company.

We have Controlio deployed and it basically monitors everything employees do on the computer. All user accounts have limited permissions, BIOS setup is locked and initial USB support disabled, so you can't access the setup with the standard USB keyboards, you (that would be me) have to use a PS/2 to perform any changes or access things like Safe Mode. I can log into the webadmin interface and see in real time what every terminal is doing, and even start a remote session to get live view of the desktop and take screenshots and video, chances are your company can do that as well, at least if they have a decent IT like me /s

 

Login is done with cards, from my POV that's a big pain in the A... because if the card or reader is dirty the terminal locks, it's an old system so the readers do fail from time to time.

Does it all go through Controlio ? As far as I'm aware there is not such thing on my work laptop. We are using Microsoft Company Portal and TeamViewer and we dont have dedicated staff so we are not into that far in spying

Maybe I should go see furry smurfs porn to see if they spy on me..

[Stahlmann]

Obviously that depends on the settings your company uses. Some monitor EVERYTHING, some only monitor specific events like for example when the antivirus triggers or you try to visist a blacklisted website. Many companies blacklist popular social media like twitter or facebook for example.

[Guest]

On 6/16/2023 at 11:36 AM, Pikop said:

This got me thinking : what are "The Logs" and what information does my company have on me about my online activities?

Relevant to Teams and Microsoft 365 more broadly, there are a few 'logs' available plus some 'search' tools. For context, using Teams as part of Microsoft 365 for business/enterprise/education creates an Azure AD account, tied to that organisation. For example, megan.bowen@contoso.com would be associated with the Contoso Azure AD environment.

 

With that being said, your workplace will have access to the following logs (depending on licensing)

• Azure AD Sign In Logs - Link
  • These are the 'sign ins' you make to Teams or other Microsoft 365 / Azure AD integrated services. It will show your location (based on IP or GPS), device details (whether it's BYOD or corp. registered/owned etc), authentication protocols and more.
• Azure AD Audit Logs - Link
  • Basics of what you did, in relation to your Azure AD account. For example, password change, registering new MFA tokens, changes in group membership (join/left a Team) etc.
• Unified Audit Log / Purview Audit Log - Link
  • This is detailed activities that you performed: things like messages sent (not the content, just the action), files downloaded/shared/created etc.
• Purview Communications Compliance & Data Loss Prevention - Link
  • These two in combination will look at your activity and alert based on what you're doing. Commonly CC is used to address either insider trading issues or workplace bullying while DLP is used to protect against harm from data loss - think PII data leakage.
  • Neither are 'logs' that are searchable but more policies that are setup to monitor activity and generate an alert when matched.
• Purview eDiscovery - Link
  • This is like the librarian of your organisation. Ask it to find something across everywhere and it will find it. Want to find the conversation between X and Y on March 1st 2008? It'll find it.
  • eDiscovery is really only used when legal/HR departments request specific information relating to bullying/harassment/litigation issues. 
  • An eDiscovery 'search' actually kicks up a heap of noise itself, alerting the admins that someone is searching / exporting something. 

[Oshino Shinobu]

Depends what systems they use really.

 

It can range from simple sign in times, to full on GPS location if you have a work phone.

 

It's probably best to assume that they can see the sites you visit, where you log in from, when you log in, the devices you log in from and some more info. This is pretty standard stuff and is required to maintain a good security posture. For example, we have our sign in location logs from Azure AD that feed into our SIEM platform, which in turn alerts us if someone based in Austria for example, suddenly logs in from the USA, or if someone logs in from two different countries in a short period of time.

 

We have the ability to track our company phones with GPS coordinates, though we have rules about how we can use it. For the most part, it's only used if the user has misplaced their phone, or to check location in the event of a security incident. Ie. check if their work phone is in the same location a suspicious sign in came from.

 

EDIT: As someone else said, having another browser installed won't stop them from seeing what you do in most cases. If you're concerned about them seeing what you do, the real solution is to not use your work laptop for anything other than work related tasks.

[RasmusDC]

again.. they can see whatever they intend to see, depends on what softwares they run..

 

for instance we ran a portal on our Iphones, that became a giant discussion, we are a danish company, and we do focus on "trust" but we used this portal to push "own developments" and gain access to sharepoints and other sites, but the software had the "CAPABILITY" to both GPS monitor at ALL time, even offline. to track ALL use across ALL apps..

 

first of all we pay for our phones through a goverment taxation thing, the company still pays, just a Danish bullshit thing, but for me having a private phone, is nearly the same as having company paying for a phone i can use fully private.. so i might as well just say NO and then turn off my company mobile when ever i leave my work.. that is the alternative..

 

but we then had a contract that states they will NOT use it for monitoring.. etc... etc... we have actually had to work abit around this, because we would actually like location to work in company setups, because we can use it as a part of production localization for what machine you are standing at.. localization of inventory, but it is not legal pr. company definition, to actually protect employees..

 

But again, if you want to as a company, you can track everything you want to track, and keep logs if you want to.