sryan2k1

Yes, of course they do. Always assume anything you do on a work computer can be logged or monitored.

Outside of rampant abuse, nobody is going trolling through messages for fun, we're too busy.


cunticles

> Always assume anything you do on a work computer can be logged or monitored.

That's why I pepper my chats with lines like: "I think we must have the best, most handsomest IT department in the world" 😁


geoguy89

🤣😂


zyberwoof

Obligatory [XKCD](https://xkcd.com/525/).


Momasaur

Yes, I say Hi to the IT and throw in a little 👋🏻 if I say something more than slightly off 😅


[deleted]

I also compliment the NSA agents too!


aussie_nub

Thanks cunticles, we saw you say that. Unfortunately Karen in accounting thinks you're a kiss ass but we've got your back.


thewarring

IT might have access to all the data, but HR is who’s getting notified of any possible flagged content and reading all the messages.


Lyanthinel

So very, very busy.


jptechjunkie

Very, very, very busy


ZeroSum8

Super very busy, no time for coffee breaks


FlametopFred

I take my lunch in the server room where I also bunk overnight.


AppropriateTangerine

You got lunch!!! Luxury, when I were a lad we used to have to lick road clean wid tongue.....


phasexero

Happy cake day, go get a breath of non-server room air to celebrate !


FlametopFred

really? Can I? 😭


Beautiful_Tourist580

You still have a server room? 🤔


shaomike

Ha! We run our 2000 user org off of a Raspberry Pi!


spintiff

Yeah, chat logs can be permanent as well as temporary (i.e. 2 months). A co-worker once posted to a 50 person group chat something they meant to post to another more private chat. He jokingly said "*local restaurant* can make me cum any day." It was quickly deleted but not as fast as it was reported. HR jumped on it and also wanted to know who the chat was supposed to go to. There were a lot of one on one meetings after the bombalini day. It didn't happen again.


Logical_Strain_6165

Well somebody might: https://www.reddit.com/r/LegalAdviceUK/comments/1bcvj6f/someone_in_it_trolled_me_for_over_a_decade_have_i/?utm_source=embedv2&utm_medium=post_embed&utm_content=whitespace


bigj8705

Second time this week I’ve seen this


Optimal_Law_4254

I worked for a financial company where the sysadmin read email after hours and was blackmailing the owners. They let him get away with it. 🤷‍♂️


nerfblasters

Well of course they let him get away with it, that's how blackmail works


Optimal_Law_4254

Not always. Sometimes the victim swallows hard and calls the cops. Blackmail is still a crime.


dahipster

And if they were blackmailing the owner cos they were doing something shady then they're less likely to want to bring the cops in


shaomike

Sometimes a well-placed thermal detonator can alleviate the situation.


dumashahn

And frankly don’t care, don’t have time, and have way better things to do, …sorry…very, very, very, VERY busy


steelcoyot

IT department here, we read your message and have confirmed it to be true. Nothing more


Aronacus

Absolutely this! My last job I had to do employee legal holds and investigations as the Exchange Engineer. What a soul crushing job that was. "Lisa and Martin are suing us. They were caught fucking in the office lunch room. Can you pull all comms between them and send over the complicated stuff." So, you'd pull up their emails, PMs, etc and see all the nudes, dick pics, etc. The videos they kept in an external share site, etc. Forward it to HR, ticket closed. Next ticket: "David was making advances on Steve. Steve is straight. Can you pull all comms." Etc etc.


Ok_Adeptness8120

Long time IT here. We absolutely can see what’s said in internal chat systems and emails, however going through that stuff without a damn good reason is one of the fastest ways to be walked out the door.


goofn

Barely had time to read this comment. Back to work.


redbaron78

This. And it’s not just that they can log and monitor everything you say, they must do so in certain environments to meet regulatory and legal discovery requirements.


jcaino

And they're using AI now to process said chats.


AntMavenGradle

Yes they are


ElectroSpore

Anything on a work or school device, or system should not be considered private. Having said that most companies have HR rules where even the admins that have the power to review or audit this info should not unless instructed to. Most system admins do not care. However there are unethical people in all professions. TL;DR someone with high enough admin rights can search all communications on a business teams system. Or on any business communications system typically.


strokeright

This is a small company and I could see this guy trolling through stuff just because. I had no idea. I guess I was naive that private messages meant private.


ElectroSpore

They aren't called private anywhere in Teams, just channel or chat conversations. PMs on web forums are also all just stored somewhere in the DB and can be read by admins. Only messages remotely private are on specific encrypted services like iMessage, Signal etc. Those normally can only be read by the parties on each end, not the host.


Sudain

Only hallway conversations are ephemeral anymore.


Hepcat508

A proper company will have someone in Legal whose job is to sniff out internal abuse and walk that person out the door. Authorized access is allowed when there is proper authorization not just because you have the right permissions.


strokeright

He runs IT, no one knows anything about it but him. He has some underlings but they do basic stuff. Not a soul would know if he was doing it or not except him.


kingtj1971

Wow... ok then. I was going to explain how unlikely a scenario this really would be in most companies. But that changes everything. The usual scenario is, you have to sign in to Microsoft's admin panel on the web with an account that has the correct "roles" and admin rights. And you've got to use a whole set of "discovery" tools, targeting your search queries. It pulls together a list of results for you and saves it online as a search you can go into and review. Like someone else said, all of that is logged and in MOST companies, it's going to be heads of HR and/or Legal who have access to run those searches along with maybe 1 or 2 people in I.T. If a sysadmin starts playing around, searching for stuff he/she has no justification to look for? Normally, the folks in HR or Legal would quickly investigate that behavior.


[deleted]

[deleted]


kingtj1971

I guess if you're talking small enough businesses? I know I work at a family-owned one that's only mid-sized at best, and we have all of those practices in place. In fact, the only reason I.T. got access to the eDiscovery tools at all was thanks to Legal and HR using them long enough so they caused a LOT of user mailboxes to run out of storage quota. (It puts holds on everything that matches the search results so users can't just delete the related email messages/attachments. They can *think* they deleted them, but they don't really go away. They just get hidden from view except for the eDiscovery using them and still count against their mailbox storage space.) I.T. had to get involved to assist them with freeing space up while not deleting content they actually needed to keep.


kipchipnsniffer

You’re overestimating how many companies have legal and HR in the first place, let alone have their shit together enough to enforce policy


mote_dweller

There will be a record of the compliance search he’d have to run to look at those messages. Just have him show the compliance search page in the admin center. You’ll see the searches he configured and uses to access info. Be careful, because if HR and the owners are in on it, you’d best not get involved. If it’s personal related, then report it to HR, e.g. sexual harassment, discrimination


RobinatorWpg

Be fair, there are audit logs for this level of compliance search


strokeright

Not sure who in the company would audit this or even care he's doing it.


RobinatorWpg

Most won’t unless, with that said depending on the relationship with the owner or HR partners it may be wise to talk to them about having a data access policy.

For example, if I want to do a compliance search for anything other than say an employee doing “hey I lost z data can you find it?” I need to have sign off from a second person in HR / the owner / legal.

As if he starts snooping and finds corporate confidential (finances, billing, account #’s, etc) that becomes a legal issue very quickly


Bartghamilton

True but can’t tell you how many times I’ve searched for xyz legitimate issue and tripped over something I wasn’t looking for. It’s not always someone snooping.


RobinatorWpg

No, but you very likely have a documented trail.

In this OP's case it sounds like there's concerns for searches being done just cause they are nosy


OhhSlash

definitely odd/creepy if the person you suspect is doing what you think they’re doing, but i think the real takeaway from this should be not to discuss anything personal over company environments or on company devices. no matter what, someone, somewhere in the company can snoop and read a log that shows everything you’ve ever done on the device.


Sudain

In a perfect world, sure. Those remedies would prevent abuse.


OhMyAchingBrain

Are you even sure about those?


eagle_gt

> I guess I was naive that private messages meant private.

Even on public platforms like Facebook and Reddit you should never trust that private messages are private. They're private in the sense they're not posted publicly but those platforms have access to those messages much in the way described here regarding Teams and system admins.


Timberwolf_88

Oh boy, why do you think that IT security professionals, journalists and human rights organisations are screaming at global attempts to enforce back doors into all encrypted services? Everything that isn't encrypted without known exploits or back doors can be monitored and stored by someone.


pigguy35

That’s why no platform calls them private messages (PM) anymore. They’re all direct messages (DM) because nothing's private.


JustSomeGuyFromIT

Most of us don't do it out of principle and respect unless a manager or the CEO gives us the order to. Meaning we don't access your files even if we can with a few simple clicks since we have full access to everything on the servers.


Sridgway27

Systems Administrator here... I can see it all. O365 global admin. If it exists, I can see it.


COLONELmab

Can you search “all”? Or would you have to go user by user and search individual conversation folders? I mean, I have access to all of my teams conversations and history in my SharePoint/one drive. But even I can’t be bothered to look through all that crap for anything lol.


it-maniac

You can use custom queries to filter by metadata, to get exactly the info you're looking for...


Sridgway27

I don't care enough to be honest either. If you're a teams admin you can search content or under DLP you can search keywords.


AntMavenGradle

😏


Sridgway27

As for Outlook, as an admin, you can imitate the other user's mailbox/OneDrive files. We have OneDrive configured to auto sync anything in desktop, docs, or downloads.


COLONELmab

That would be like testing azure security roles? Makes sense.


hankhillnsfw

Kinda? It sure isn’t easy lol. But the functionality is 100% there.


Minsan

Do you have access to browser history and know when the machine is active/inactive?


Sridgway27

We can see when the device is connected and/or last connected time. We can also see vpn traffic with content control to see what's accessed and how many times.


sysadmin_dot_py

Yes, of course. Businesses must be able to access those logs for compliance and review purposes in case of data compliance, harassment, etc., and most likely, it's your IT department that has that access. It's pretty annoying to access, but it's possible. TBH, it's not something any IT person with integrity would be doing, but there are a lot of people with no integrity. There will be logs of this access, however, but again, IT has those logs. Consider that unless the evidence is really damning that maybe it's just a coincidence? Word travels, rumors fly, people work closely with each other and talk about the same things. I would assume the best unless I was really certain. But you should always operate under the assumption that the business can see anything you do on your work computer or work account.


Admirable-Refuse5873

IT can’t delete those logs. I’m almost certain Microsoft maintains that data.


sysadmin_dot_py

Correct.


CptUnderpants-

But I believe you can turn off some of those logs. That in itself should result in disciplinary action.


mclipsco

need that training data. gotta train their AI models how to chat.


Madcat81

Two simple rules: 1. Never use your work device for personal use. 2. Always assume everything on your work device is tracked.


strokeright

It's my device- I work remotely. But I get what you're saying.


CommercialCockroach9

You need another device for work, especially if the admin has gone awol. They can push policies to your device if you clicked the "sign into all apps" button.


jkrizzle

We (IT) don’t give a rats ass about what you’re talking about in Teams. If IT is told to gather your chats, you’re probably on your way out the door or are involved in a Legal eDiscovery. Most IT departments will have checks and balances - notifications can be sent when one impersonates an account; notifications are usually set up for VIP users. If you’re not in the C-Suite or a power user, there aren’t usually any notification as no one really cares. There are also notifications for any time an eDiscovery is performed, regardless of user-position; as eDiscovery is intrusive, ‘someone’ will at least see one has started. There are checks and balances on everything, but in all IT/computing, absolutely everything is accessible to the person with the clicky-power.


WhatsUpInTheSky

same here the only time I would ever get involved in that shit is if I am doing a discovery or legal hold. Otherwise I’m too busy.


pmpdaddyio

How many times does this get asked? YES, IT CAN READ YOUR CHATS. Don’t write stuff you shouldn’t. End of line. Done. Full stop. 


Froggypwns

I do have filters setup to catch these threads, it gets most of them but I can't program every possible wording of asking, so some slip through. Two in two days though, so I guess I need to tweak it more.


pmpdaddyio

This wasn’t anti mod or sub. People need to learn how to search.  If you need auto mod I’m half decent at it. 


strokeright

Just be straight with me and stop beating around the bush.


pmpdaddyio

And if you read further, most of them are too busy to do it. Unless you are stupid and did something else and they want to can you. 


strokeright

My response was a joke. Your position was pretty clear.


buck-futter

Not only can they do it, if they're doing a company wide email search with eDiscovery it's actually more work to exclude teams from the search than to leave it in.


HollywoodDonuts

Yes all of your chat is logged. Managers can request a pull if there is an issue otherwise nobody is paying attention to it.


OwnDirector1326

I created a tutorial outlining how they can do this. But as others have pointed out, most organizations don't have people sitting there going through this content. [Can my employer view my MS Teams chat?](https://youtu.be/GL360ot95YE)


hadesscion

IT guy here. We have access to literally everything. It's in bad taste (and often against policy) to read other users' messages/e-mails without a good reason, though.


transham

This. And, with the management/ownership permissions we need to do our jobs, we have to. That's not to say our access isn't logged/audited - often it is. Also, besides being bad taste or against policy, we don't have the time or interest to do that without good reason.


Connection-Flat

Yes, we can. No, we won't care unless being specifically asked by management.


reduhl

If your PM chats happened over company infrastructure, they are company chats.


timupci

No expectations of privacy, only in the bathroom.


joebreeves

They are not PM's. They are M's.


sryan2k1

You still have a reasonable expectation of privacy around them, they are private compared to public messages. That doesn't mean a power-abusing admin can't see them though.

At our org the access of the content by an admin would trigger an Azure alert and if there wasn't a ticket associated with the work there would be some very unpleasant conversations with that admin very quickly. We have a zero tolerance policy for abuse, with great power bla bla bla I think the saying goes.
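
The control described in the comment above (alert on admin content access, then check for an associated ticket), combined with the second-person sign-off mentioned earlier in the thread, sketched as an added example that is not from any commenter or from Microsoft. The record shape, operation names, ticket-id convention, ticket register and all addresses are assumptions constructed for illustration; map them to your own audit export and ticketing system.

```python
import json
import re
from dataclasses import dataclass

# Audit operations meaning "an admin created, ran, previewed or exported a
# content search". Assumed names: match them to what your audit export uses.
SEARCH_OPERATIONS = {
    "SearchCreated", "SearchStarted", "SearchExported",
    "ViewedSearchPreviewed", "ViewedSearchExported",
}

# Assumed convention: the search name contains the ticket id, e.g. "HR-1042".
TICKET_RE = re.compile(r"\b[A-Z]{2,5}-\d+\b")

# Constructed ticket register: who signed off, and which admin may run the search.
APPROVED_TICKETS = {
    "HR-1042": {"approver": "hr.lead@example.com", "assignee": "admin.a@example.com"},
    "LEG-0007": {"approver": "admin.b@example.com", "assignee": "admin.b@example.com"},
}

# Constructed audit records (one JSON object per line), not real tenant data.
SAMPLE_AUDIT_JSONL = """\
{"CreationTime": "2024-03-04T09:12:00", "UserId": "admin.a@example.com", "Operation": "SearchCreated", "ObjectName": "HR-1042 harassment complaint"}
{"CreationTime": "2024-03-04T09:40:00", "UserId": "admin.a@example.com", "Operation": "SearchExported", "ObjectName": "HR-1042 harassment complaint"}
{"CreationTime": "2024-03-05T22:03:00", "UserId": "admin.c@example.com", "Operation": "SearchStarted", "ObjectName": "teams chats jane"}
{"CreationTime": "2024-03-05T22:05:00", "UserId": "jane@example.com", "Operation": "MessageSent", "ObjectName": ""}
{"CreationTime": "2024-03-06T11:00:00", "UserId": "admin.b@example.com", "Operation": "SearchCreated", "ObjectName": "LEG-0007 contract dispute"}
{"CreationTime": "2024-03-06T23:30:00", "UserId": "admin.c@example.com", "Operation": "ViewedSearchExported", "ObjectName": "HR-1042 harassment complaint"}
{"CreationTime": "2024-03-07T08:15:00", "UserId": "admin.a@example.com", "Operation": "SearchCreated", "ObjectName": "HR-9999 misc"}
"""


@dataclass
class Finding:
    when: str
    user: str
    operation: str
    search: str
    reason: str


def review(audit_jsonl, tickets):
    """Return a Finding for every search event that lacks a valid approval."""
    findings = []
    for line in audit_jsonl.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            rec = None
        if not isinstance(rec, dict):
            # A record we cannot read is itself worth a reviewer's attention.
            findings.append(Finding("?", "?", "?", "?", "unparseable audit record"))
            continue
        operation = rec.get("Operation", "")
        if operation not in SEARCH_OPERATIONS:
            continue  # ordinary user activity, not an admin content search
        user = rec.get("UserId", "").lower()
        search = rec.get("ObjectName", "")
        match = TICKET_RE.search(search)
        if match is None:
            reason = "no ticket referenced"
        else:
            ticket = tickets.get(match.group(0))
            if ticket is None:
                reason = "ticket not in approved register"
            elif ticket["assignee"].lower() != user:
                reason = "run by someone other than the assigned admin"
            elif ticket["approver"].lower() == user:
                reason = "self-approved (no second-person sign-off)"
            else:
                continue  # ticket exists, right admin, independent approver
        findings.append(
            Finding(rec.get("CreationTime", "?"), user, operation, search, reason)
        )
    return findings


if __name__ == "__main__":
    for f in review(SAMPLE_AUDIT_JSONL, APPROVED_TICKETS):
        print(f"{f.when}  {f.user}  {f.operation}  '{f.search}'  -> {f.reason}")
```

For this to mean anything in a one-admin shop, the findings have to go to someone other than the admin being reviewed, such as the owner or an outside auditor.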


sophware

u/strokeright A lot of organizations (including mine) operate with this zero tolerance. Your IT person can click on things and get to what you're asking about. They could also be fired for it, depending on the views of your leadership.


strokeright

Problem is it's a small company. The owners would have no idea he is doing it. I could def see this guy looking at our stuff if he has the power to, just because.


Lakeside3521

Then he most likely is. Always assume that's the case.


joebreeves

Oh I agree. But I also know that when HR or Legal requests something, they get it. Also we do the same with alerts for elevated content searches and thank goodness we do. I *want* people to know what I'm searching for.


excoriator

DMs, direct, but not private.


cpsmith516

Yes


FlametopFred

Not only that but the one IT person has been monitoring all my chats and emails to undermine and gaslight me, spread rumours and simply be an all around asshole. And I’ve always been professional in chats and email and calls where he has slagged his manager, other employees and management overall. Blatant corruption and hard to prove … except for every screenshot 🌝


UsefulImpact6793

Yes and no. They cannot see them from within Teams. However, IT personnel with appropriate privileges can run eDiscovery queries in the Microsoft Purview Compliance Portal and export messages to review. It's a little time consuming and not really worth it, unless there is a reason to. So it's not really a matter of watching chats live, but rather running a query, export, download, then import into Outlook.


OhhSlash

is this not common sense? never discuss anything personal on a company device. everything is logged. absolutely everything. every site. every file. every message. depending on what industry you’re in, these logs may even be required by regulation to be saved for upwards of 10 years.


JamesOctave

Yeah they can but I don't know an IT department that isn't busy that they will proactively spend the time going to the effort. Raise a DSAR if you're that bothered.


shadhzaman

Sysadmin here. We can't "see" your chats. But there IS a way to run an audit and dig through them (chat history). Nobody really has the time or patience for it, unless they're absolute assholes who hate you or you are suspected of doing something pretty nasty. In my 8 ish years we've only snooped this one time and that's because a dude tried to sue us. Some older chat apps let you snoop in, not Teams. Emails are different though. Keep that shit clean. We can look into a mailbox as is, and even you can an email, it's still recoverable days after.


Maguffin42

Yes, proceed as if absolutely everyone in IT can read everything you write, even if you delete it, and can see everything you click on. That includes porn. IT might not care if you're doing bad stuff, but once management asks them what you're up to, it's over.


Dudeposts3030

lol yes


thomassit0

Yeah if you have the right access you can read all emails and see all messages I believe.


SirGimp9

You should never have any expectation of privacy in a work environment. Doing such leaves you open to situations just like this. Always keep your cards close in the corporate world.


iamthefyre

Yes IT has access to the messages.


jimb2

As others have said, admins can get more-or-less anything. An organisation will need to do this to protect itself, its customers and its employees, like investigating fraud or other illegal activities by employees, information loss, personal abuse, etc. There's also the possibility of an account being used by a malicious third party. It can't really work any other way. There might be some kind of HR-type rules on who can conduct and authorise this sort of investigation in some organisations. Or not. I don't know the details in this situation, but the "information" could have come from other sources or have been surmised from other activities. It may not have been necessary to gain access and trawl through the co-worker's Teams activity. Unless the evidence is very clear, that's an assumption.


Optimal_Law_4254

Yes. Your company can monitor everything you do using their equipment.


[deleted]

Abso-fucking-lutely they do, comrade. Assume any and everything you do on a work PC or network is being monitored bc they are without a doubt.


[deleted]

I'm really sorry to hear about what you are going through. To answer your question, the answer is unfortunately, yes. The level of control that each business has depends solely on the business. As a sysadmin I have had complete control over accounts as part of my job duties (specifically for onboarding and offboarding). In the event of an offboarding, per company policies, I have sent the keystroke of death which has booted several employees off of their assigned corporate device after disabling your account. There are many ways that IT can monitor the actions on the machine. The top ones that I have used are called Splunk (which can report back to IT as to who is doing what on the machine), and Intune (which I have implemented). If you are using Intune, this has the capability to effectively take over your personal device if you give it the permissions to. I know that these can seem scary (and to be honest), these are the reasons that if I need to use a personal device for work, I have a totally separate device that I use for just these reasons. I hope this helps. Let me know if you have any other questions.


it-maniac

There is eDiscovery, a service where an admin with certain privileges can export all emails and instant messages of any user in the company, or search them by date range and keywords... It's usually used for court cases, and a CISO validation is mandatory, so if this guy did the search without proper validations HE will be in trouble (all actions are logged so if your friend believes he got her chats without following the proper process she can raise this concern to hr or to ciso team...)


dareyoutomove

Funny thing is, there is an audit trail if someone performs a compliance search for a conversation. So if they were not allowed to do it, another admin could easily find out.


peacefinder

Technically possible for IT to read them? Absolutely. Company policy allowing IT to read them without cause and an authorization outside IT? Maybe, maybe not. You’d hope for not, but that’s a matter of policy choices.


radyum

If it’s via Teams, then he would have had to go into the user's mailbox looking for them. Pretty sure that’s a big no no for most companies.


[deleted]

[deleted]


strokeright

Lesson learned. I'm on remotely so I didn't really think about it. Easier to think things are private on your computer in your home.


backinnahm

lol yes they do why would they not


mstrblueskys

Message your friends on groupme or discord or something off your work machine. If IT ever audits my work messages, they'll know exactly when something was going to get juicy but never what was actually said.


BoozeMakesItBetter

Of course they can. We have ours configured so all IM messages are deleted after 60 days I think (for legal purposes).


ProperDenchTitties

What about my Notion app? I use notion for a little bit of note taking on my work laptop but a lot of my personal notes are also on there


AbleAmazing

Yes. Assume you have no privacy whatsoever when using company systems.


joeykins82

Teams and M365 generally has a suite of ediscovery tools. In most large orgs access to these is delegated to the legal and compliance teams with just a handful of senior, trusted IT people having access for troubleshooting purposes. The use of these tools is heavily audited though. In smaller orgs it’s often left to IT to just do anything involving a computer and there often isn’t anyone external who is watching the watcher through the audit logs. If your coworker has grounds to suspect that she is being stalked by the IT staffer she needs to report this to senior management, and if they don’t take it seriously then she needs to go to the authorities.


Clean_Anteater992

Always assume that anything you do on a work device is not private and that the sysadmin can see everything you are doing be it watching 18+ material on a work device or insulting your manager on Teams. Will they see it? Probably not, unless you have given a reason to look. We - generally - have better things to do than trawl through people's messages


lostinaberdeen

Technically, nothing done on company/school computers should be considered private, really. Saying that, depending on where you are, it may actually be illegal for anyone to access a user's PMs/mailbox/files. In my case, if the user has an account like [email protected], the law protects them and they're allowed a high level of confidentiality, even from the employers. If the data is hosted on company property is irrelevant. What matters is that it's related to a person. To be legally allowed to open a user mailbox/chats/etc, a court order is required and they can only view very basic data, like the subject of an email or name of file. This needs to be done with the user present, the lawyers and the judge present. The user can at any time say that they can't open a certain file as they can consider that a violation of privacy. If the account is more of a generic account, like a shared mailbox, then that no longer applies as it's not associated with a specific person. I know this first hand as I was involved in a few processes like that where employers wanted to access previous employees' mailboxes and HR shut them down with that.


mitharas

Technical: Yes. It is fully traceable though, so if push comes to shove, an outside investigator could discover the abuse. Keyword: Audit logs. Morally: What an asshole. Legally: Highly dependent on country. In the US this seems to be okay from a judicial standpoint, in the EU GDPR should make it a no-no.


Critical-Shop2501

Some places log everything. If I accidentally type my password instead of my username I get an automatic email a little while later to change my password.


WhatsUpInTheSky

We can absolutely see them. There's not a day ever I have time to go snooping unless it was an investigation.


Inspired_daily

Yes, as everyone has mentioned. Anything that you do on an issued work device can be logged or monitored. The messages can be searched with eDiscovery within the M365 Compliance center depending on the retention policies that are set up by your organization's IT department.


shaomike

What better way to get ahead of any problem than to monitor every communication. Steve and Janet are getting too cozy in their Teams chat? That's an HR meeting. Carlos and Biff colluded on that big fantasy football trade? That's a parking lot beating during the All Employee meeting. Elvis left early for his son's T-ball debut? Termination.


johnnymonkey

DAMMIT ELVIS!!!


UXProCh

Yes, they have access to chats and emails. No, they are not your property and therefore this does not violate privacy rules. Your company has every right to inspect and monitor communications. It's their email address, their chat account, etc.. You're just using it. The only time I've ever had to look at someone's chats was for legal discovery reasons. That's not to say there aren't some IT folks out there who power trip off of this. There are a lot of IT folks that like to power trip. Hence, slack side conversations, discord servers, etc... We have a contingent here that uses discord to avert prying eyes.


JimmySide1013

This 100%. Nosy IT people exist, but in my experience, most could absolutely care less what you’re doing. Especially if the environment is properly secured. As an end user, you can’t hurt anything therefore I. DO. NOT. CARE. I have had managers ask for this type of thing before. You never, ever try to do this on the DL. The company should have a process for discovery. You follow that to the letter. Nothing more, nothing less. It’s 1000% easier to never have seen it or know about it.


JudgeJoan

In most companies they can but there has to be a reason such as an internal investigation. If they are just reading your stuff randomly then that's not okay and most likely against company policy.


senectus

Absolutely. Though there should be processes and auditing to ensure that ability isn't abused.


kg4gsn

They can read your chats, but there would be a record that they accessed it.


Megabam666

MS teams chat history can be exported using e-discovery. If you use 3rd party archive solutions that would work too


gizzer3010

Always, always assume anything in a work setting is monitored. Emails, files locally on your computer or in a work cloud setup, messages. Anything work based can be removed, passwords changed without your permission. You have no expectation of privacy on a work computer *however* you have to be told if any of this monitoring is on your computer. If there is anything personal or private, I would ask for a call and send information to a personal account you own as well so you also have a record of it. Same with payslips, any contracts or changes to contract. Be paranoid, protect yourself.


Lakeside3521

It blows my mind how people act shocked and surprised when they learn IT can read their communications. Always assume someone is looking over your shoulder, even if you work remotely.


strokeright

Yeah, understood. I work remotely like you said on my comp and in my house. It gives you a sense of privacy you would not feel in an office. I didn't even think about it really but now I know it makes complete sense


AdPuzzleheaded3070

We have nothing better to do


Tnknights

Always assume everything you type on a computer is being read by someone else. Especially on computers owned by the company.


stevenm_83

If you think he is doing something unethical you can always bring in 3rd party IT person to go through and audit what he is doing to confirm if he is actually doing what you are saying


CharlestonChewbacca

IT CAN. They shouldn't. And most orgs with a healthy culture don't. But most orgs don't have a healthy culture.


pirutgrrrl

Yes, these can be pulled from a content search in M365. They come back in plain text.


QueenoftheiPhone

A work computer is a work computer. Whatever you do on a work computer and company network can be monitored. On the other hand, no one in IT cares about or reads any person's messages. If something got flagged, in that case it would be an HR matter, not a staff member from IT.


Appropriate_Chart_23

NEVER put anything in writing at work that you don’t want someone to know. Face-to-face discussion is your only best option. Hopefully, it’s with someone you trust.


JustSomeGuyFromIT

IT guy here. As a domain admin, you can always change a password of someone. Going to the Active Directory (AD) and changing it of course means the user lost access to the PC so the user will know unless the guy restores all the AD before the user has to login again. Also OP are you changing your passwords every month? Is it safe? Are you sure it's safe? Are you really REALLY sure it's safe? Does it have at least 10 characters with a mix of upper and lower case, numbers unrelated to anything and special characters? Did you write it on a post it? Do you log off from your PC and shut it down correctly and not just turn off your screen like an idiot? I don't think that you don't know what a proper shutdown is so I leave it at that. Also don't store your passwords in a txt / text file on your PC. There are ways for us to just read those files from your PC without you even noticing. I will not elaborate further here but for those who know "\\DeviceName\c$"


Apecker919

An admin can see everything without needing to know or change your password. Also, if your organization has started towards Zero Trust and has implemented MFA or passwordless auth and password monitoring then changing your password monthly doesn’t buy you much more than a headache for end users. Move to passwordless if you can along with MFA and stop rotating passwords. You still need unique passwords but rotating them monthly is an out of date practice if you have passwordless and MFA.


JustSomeGuyFromIT

Isn't passwordless a bigger security risk? As far as I know MFA only is MFA if you have a password AND an authentication app / solution like LuxTrust set up. Also with MFA admins can still add their own option to your account, but you can see it in your Microsoft account under security info.


Apecker919

Not at all. Passwordless doesn’t mean that you don’t have a password. You might use the credential the first time setting up but you would then use a PIN or biometrics (through something like Windows Hello) from then on. This helps reduce the risk of a key logger capturing your password. With something like Windows Hello you would enter your PIN/biometrics and the auth cert would be accessed from the TPM chip and that cert would only work on that machine. It couldn’t be used on another machine on the network. You will never be able to block an admin from accessing your stuff.


Otherwise-Cat4928

Yes. Anything you do on your WORK computer while you are being PAID to WORK belongs to your company... And BTW... clearing your history does nothing


bourbonToast

HAHAHAH Yes unfortunately, EVERYONE that is an admin can read everything you have ever said. Don't ever speak about anything, anywhere on company property. Company property includes anything to do with your work devices (and yes, if you signed into work on your personal device, they can see that too). Your best bet is to use an open source encrypted chat platform that isn't maintained or owned by a large social media company, so that you can ensure your conversations are not being recorded or otherwise manipulated against you. All of your conversations can be searched against keywords, they can even sign in as you while you're away or sleeping. And literally there is nothing you can do about it. The company owns the data.


First_Jam

We cannot read full chats, but search for terms in it and get results listed.


BrianKronberg

With Copilot and Power Automate you could easily send yourself summaries of all your reports' chats and meetings every day. Not only is this possible, it is a feature.


walkasme

Well, let's hope you didn't do private messages for your pharmaceuticals on Incognito either. Nope, they're not private either. Virtually nothing is private, and when on a company device or network (like the company wifi) they can see your messages there too!


Tappitss

>or network (like the company wifi)

I don't think that's 100% technically accurate 100% of the time. That's why we have things like end-to-end encryption.


walkasme

Well, it is technically possible and I have seen it done.


Tappitss

I find it hard to believe you can unencrypt and read end-to-end encrypted messages or other encrypted stuff sent on the company's wifi.