The Workplace Spyware You Didn't Know You Had. How Microsoft 365 monitors employees.

Your employer doesn't need to install spyware on your laptop. The monitoring tools came bundled with the Microsoft 365 licence they've already paid for. And in most organisations, nobody has ever told employees that these features are switched on.

This article breaks down the seven Microsoft 365 features most commonly used to track how you work, when you work, and whether you're actually doing what you say you're doing. If you manage a team, it also covers where the line sits between useful data and surveillance creep.

We've also put together a full video walkthrough, more on that at the end.

What Your Manager Can See Without Asking IT

Picture this. It's a Tuesday. You've had what you'd call a solid morning. A few emails, a Teams call, a couple of tasks moved forward. You close your laptop at half five feeling reasonably good about the day.

Meanwhile, somewhere else in the business, your line manager opens a single dashboard. On that dashboard: how many Teams messages you sent, which meetings you attended and for how long, whether your camera was on, whether you were an active participant or just a warm body in the waiting room, how many files you edited in SharePoint, and whether you had any two-hour stretches of total silence.

They didn't request a special report. They just opened a tab. That's it.

Here's the seven features making that possible.

1. Microsoft 365 Productivity Score and Employee Monitoring

When Microsoft launched this, it caused a significant backlash, and rightly so. The Productivity Score is a built-in admin dashboard giving IT and senior leadership a detailed breakdown of how employees use Microsoft 365. Email activity, SharePoint collaboration, Teams participation, whether you're using the mobile or desktop app — all of it.

When it first launched, it showed individual-level data: your name, your scores, your ranking. Privacy advocates called it a surveillance tool dressed up as a productivity feature. Microsoft responded by rolling individual data into company-wide anonymised stats.

But here's what most people miss: Microsoft 365 enterprise admins can monitor employees, they can still pull individual-level data through other reporting tools within the Microsoft ecosystem. The name came off the leaderboard. The data didn't go anywhere.

2. Teams Activity Reports

This one lives in the Teams admin centre and it's probably the most commonly used monitoring tool in any Microsoft shop. For any given user, over any given time period, an IT admin or manager can pull a report showing: messages sent, calls made, meetings joined, whether audio or video was on, how long meetings lasted, and how long the user was actually present.

For a manager building a performance case, this is useful data. Someone who's been in three meetings this week with their camera off, sent zero messages, and left early every time? That's all in the report. There's also a Call Quality Dashboard that logs audio dropouts, network issues, latency, and even which microphone you were using.

Most of it exists for diagnostic reasons — helping IT fix problems. But the data is logged regardless. For basic fault fixing, this is essential but it doesn't get away from the fact that Microsoft 365 has employee monitoring.

3. Viva Insights

Microsoft markets this as a wellbeing tool. The personal version genuinely is — it nudges you to take breaks, block focus time, and stop answering emails at 11pm. Useful stuff.

The manager and leader dashboards tell a different story. Those views aggregate data across your entire team's Microsoft 365 activity, emails, meetings, chats, calendar and surface patterns. Who's working outside contracted hours? Who's back-to-back all day? Who isn't connecting with the wider organisation? Who's collaborating with who?

Technically anonymised at the individual level. But if you manage a team of four and the data says one person is sending emails at midnight every night, you don't need to be a detective.

4. Microsoft Purview Compliance Centre and eDiscovery

This is the nuclear option. It doesn't get used often, but when it does, it's comprehensive.

Microsoft Purview gives organisations the ability to run content searches across the entire Microsoft 365 ecosystem. Emails, Teams messages, SharePoint files, OneDrive documents, calendar entries, everything. An admin can run a query for every message containing a specific word, sent by a specific person, over a specific date range. Within minutes, they have a full report.

The key thing to understand: deleting a message in Microsoft 365 doesn't mean it's gone. It moves to a retention archive where it sits until the retention policy expires. If there's a legal dispute, an HR investigation, or a regulatory inquiry, eDiscovery gets triggered and everything becomes searchable — including deleted messages.

Practical takeaway: if you're typing something on a company device or platform that you wouldn't want a lawyer reading in a courtroom, don't type it.

5. OneDrive and SharePoint Version History

Every document you open, every edit you make, every file you share, even if you move or delete it is logged in SharePoint and OneDrive with timestamps and user attribution.

An IT admin can access any employee's OneDrive directly without the employee knowing. They can browse folders, open documents, and review edit history. The most common reason is offboarding, when someone leaves, the company needs access to their files. But the capability exists all of the time, not just at the exit point.

For version history specifically: every time you save a file, a new version is created. If you spent an hour on a document and then deleted everything you wrote, the previous version still exists. Useful if a file corrupts. Also a complete audit trail of everything you've ever done inside a shared document.

6. Microsoft Copilot

This is the newest layer, and probably the most significant shift in how monitoring actually works in practice.

Copilot is Microsoft's AI assistant, deeply integrated into Microsoft 365. For individual users, it's a productivity tool, summarise this email, draft this response, find this file. All useful.

For managers, it opens up something new. A manager can open Copilot and ask: what has [name] been working on this week? What are the latest conversations in our shared channels? Is there anything I should know before our one-to-one? Copilot will pull from public Teams channels, shared files, emails, anything the manager has legitimate access to and return a readable summary in plain English.

Previously, accessing all of this required knowing where to look, how to pull a report, and what to do with it. Now it's a question typed into a chat window. The barrier to monitoring has dropped to near zero.

7. Microsoft Defender for Endpoint

This one tends to sit in larger enterprises and regulated industries, but it's worth knowing about. Defender for Endpoint is a security tool that monitors managed devices across the organisation, application usage, web activity, login times, and unusual behaviour flags.

Your IT security team uses it primarily to detect threats and compromised accounts. But the data it collects is comprehensive. If you're on a company-managed laptop, the websites you visit during the day are not private. The logs exist.

What This Actually Means for You

If You're an Employee

First, find out what your company's monitoring policy actually says. Under GDPR, UK organisations are legally required to tell employees what data they collect and why. It should be in your employee handbook or your contract. If it's not, request it.

Second, keep personal activity on personal devices. If you're logging into Teams on your personal phone, understand that personal devices used for company work can be brought into legal proceedings. That's not hypothetical, it's happened.

Third, don't waste energy gaming the metrics. The realistic risk isn't day-to-day surveillance. It's data being pulled when something has already gone wrong and someone is under scrutiny. If your work output is solid and your behaviour is professional, the dashboard isn't your problem.

If You Manage People or Make Technology Decisions

Just because you can use all of this data doesn't mean you should. The temptation, especially with remote teams, is to use activity metrics as a proxy for performance. Message count, meeting attendance, time online, it's all measurable, so it must mean something.

It doesn't. Not directly. Someone sending 200 Teams messages a day and delivering nothing useful is still delivering nothing useful. Someone who sends 10 messages a day but hits every deadline and every budget isn't a problem because their activity score looks quiet.

Use this data as a diagnostic tool, to spot someone who might be struggling, troubleshoot technical problems, or build a documented performance case when one is genuinely warranted. Don't use it as a scoreboard.

And if your organisation is relying on Microsoft 365 activity data to understand whether people are performing, you've got a management problem, not a dashboard problem.