If your employer provided your device or VPN, assume they can see application usage, web browsing history, file access logs, and in some configurations keystroke and screenshot data. Work devices and work networks are employer infrastructure. The monitoring tools deployed on them are extensive and legal in most jurisdictions, though disclosure requirements and employee protections vary significantly depending on where you are.
Analysis Briefing
- Topic: Remote work employer monitoring and surveillance scope
- Analyst: Mike D (@MrComputerScience)
- Context: A research sprint initiated by a reader question
- Source: Pithy Cyborg
- Key Question: What does your employer’s IT stack actually capture from a work-from-home setup?
What Endpoint Management Software Captures on Work Devices
If your employer provided your laptop, assume endpoint management software is installed. Common features include application usage monitoring, web browsing history, screenshot capture at configurable intervals, keystroke logging, and file access logging.
Specific tools in common enterprise use include Microsoft Intune, Jamf, CrowdStrike Falcon, and Carbon Black. The security platforms are primarily designed for threat detection but generate logs that include employee activity data as a byproduct.
Your employer does not need to be actively watching. These systems log continuously and the logs exist and can be reviewed.
| Monitoring Layer | What They See (Company Device) | What They See (Personal Device) | Privacy Risk Level |
|---|---|---|---|
| Endpoint (App) | Keystrokes, screenshots, active window time, file names. | Nothing (unless MDM/Work Profile is active). | High: Captures “how” you work. |
| Network (VPN) | Every website visited; full content if SSL inspection is on. | Only traffic sent through the VPN app (Work Slack/Email). | Medium: Captures “where” you go. |
| SaaS (Office/Slack) | Message history, “last active” timestamps, file edits. | Identical. Usage is logged at the server level, not the device level. | High: Captures “what” you say. |
| AI Analytics | Sentiment & Burnout Scores. (AI summarizes your “tone” and “pace”). | Sentiment & Burnout Scores. (Based on your sent messages/emails). | New (2026): Captures “how” you feel. |
The Retrospective Log Problem Most Employees Don’t Consider
The more likely risk for most employees is not real-time surveillance. It is retroactive log review.
During normal operations, most employers are not actively monitoring individual employees. But logs accumulate regardless of whether anyone is watching them. When an HR investigation opens, when a termination dispute arises, when legal discovery is triggered, or when a security incident is investigated, those historical logs become relevant and are reviewed. Activity that seemed invisible at the time because nobody was watching becomes part of the record.
The practical implication is that the question is not whether anyone is watching right now. It is whether you would be comfortable with a complete log of your work device activity being reviewed in a future context you cannot predict.
These days, assume your ‘vibe’ is being logged. Many enterprise tools now provide ‘Organization Health’ dashboards that flag teams with ‘negative sentiment’ or ‘low engagement’ based on the language used in chats and emails.
What the VPN and Network Layer Captures
Connecting to your employer’s VPN routes your network traffic through employer infrastructure. Your employer can see the destinations of your network requests: which websites you visit, which services you connect to, and at what times.
SSL inspection is a corporate network feature that decrypts and re-encrypts HTTPS traffic as it passes through a corporate proxy. This allows inspection of encrypted connection content. You can detect SSL inspection by examining the SSL certificate on any HTTPS site when connected to the VPN. If the certificate was issued by a corporate certificate authority rather than a public CA, SSL inspection is active.
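The certificate check described above can be scripted. This is an added example, not code from the original article: it reads the issuer of the certificate each site presents and flags the case where unrelated sites all chain to one issuer outside a list of public CAs. The list of public CA names is illustrative and incomplete, and "Example Corp IT" is a hypothetical issuer in a constructed sample.

```python
import socket
import ssl

# Illustrative, incomplete set of issuer O= values used by public CAs (assumption).
PUBLIC_CA_ORGS = {"Let's Encrypt", "DigiCert Inc", "Google Trust Services",
                  "Sectigo Limited", "GlobalSign nv-sa", "Amazon"}
# Constructed sample in ssl.getpeercert() format; "Example Corp IT" is hypothetical.
SAMPLE_INSPECTED = {"issuer": ((("organizationName", "Example Corp IT"),),
                               (("commonName", "Example Corp Inspection CA"),))}

def issuer_org(cert):
    """Pull the issuer organization (or CN) out of an ssl.getpeercert() dict."""
    fields = {k: v for rdn in cert.get("issuer", ()) for k, v in rdn}
    return fields.get("organizationName") or fields.get("commonName", "")

def classify(cert):
    """Label one certificate by who issued it."""
    org = issuer_org(cert)
    if not org:
        return "unknown", org
    return ("public-ca" if org in PUBLIC_CA_ORGS else "possible-inspection"), org

def fetch_cert(host, port=443, timeout=5):
    """Fetch the leaf certificate, validated against the default trust store."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

def check_hosts(hosts, fetch=fetch_cert):
    """Classify each host. Python may not trust a CA the browser trusts, so a
    failed validation is recorded as a finding instead of being raised."""
    results = {}
    for host in hosts:
        try:
            results[host] = classify(fetch(host))
        except ssl.SSLCertVerificationError as exc:
            results[host] = ("untrusted-issuer", getattr(exc, "verify_message", str(exc)))
        except OSError as exc:
            results[host] = ("unreachable", str(exc))
    return results

def inspection_likely(results):
    """True when unrelated sites all chain to one issuer outside the public set."""
    flagged = [org for verdict, org in results.values() if verdict == "possible-inspection"]
    return len(flagged) >= 2 and len(set(flagged)) == 1

if __name__ == "__main__":
    demo = check_hosts(["example.com", "example.org"], fetch=lambda host: SAMPLE_INSPECTED)
    print(demo, inspection_likely(demo))
```

The demo at the bottom runs offline on the constructed sample. Drop the `fetch=` argument to query real hosts, once on the VPN and once off it, and compare the issuers.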
What Microsoft 365 and Collaboration Tools Log
Microsoft 365 and Google Workspace include analytics features that generate data about how employees use the applications. This includes email metadata, meeting patterns, document access and editing activity, and collaboration patterns.
Video conferencing platforms log meeting attendance and duration. Slack and Teams retain message history, and in enterprise deployments that history is accessible to administrators. Treat work communication tools as employer infrastructure, not private channels.
The Legal Picture and Why It Varies
In the United States, employers have broad legal latitude to monitor activity on employer-owned devices and employer-provided networks. However, several states have enacted employee monitoring notification laws requiring employers to disclose that monitoring occurs. Connecticut and New York have explicit notification requirements, and other states have followed with similar provisions.
Outside the US, the picture is considerably more constrained. GDPR imposes meaningful limits on employee monitoring in EU member states, including requirements for legitimate purpose, proportionality, and in some cases consultation with employee representatives before monitoring tools are deployed. If you are outside the US, your employer’s latitude is likely narrower than this piece’s US-focused framing suggests. Check the employment law in your jurisdiction.
Pro-Tip ➞ If you live in a ‘Notice State,’ check your inbox for an ‘Electronic Monitoring Disclosure.’ Employers are now legally required to send this annually. It is the literal ‘cheat sheet’ for what they are tracking.
The BYOD Gray Zone Most Remote Workers Are Actually In
If you use your personal device for work, read the MDM enrollment agreement before accepting it and ask your IT department specifically what the MDM can and cannot access on a personally-enrolled device. Most will answer honestly if asked, and the answer is usually less alarming than people fear.
When you enroll your personal device in your employer’s mobile device management system to access work email or Slack, you grant the MDM software specific capabilities over your device. Depending on the MDM platform and enrollment type, this can include the ability to wipe the device remotely, enforce screen lock policies, and access certain device metadata.
What most BYOD policies cannot do on a personally-enrolled device is access personal app data, personal photos, or personal communications. The MDM typically operates in a work container separated from personal data. But the line varies by platform, by enrollment type, and by how carefully your employer configured the policy. Know where it sits before you enroll.
What This Means For You
- Use personal devices on personal networks for any activity you would not want your employer to be able to see. This is the complete solution.
- Think in terms of logs, not live surveillance. The question is not whether anyone is watching now. It is whether you would be comfortable with a full activity log reviewed retroactively.
- Check for SSL inspection by examining certificates on HTTPS sites when connected to employer VPN.
- Ask your IT department directly what monitoring tools are deployed and what your BYOD enrollment covers. Most will answer honestly if asked.
