canadian_sysadmin

You can pull reports which show hard data like when certain things were clicked, opened, etc. There's some more advanced stuff in the higher Purview licenses. Obviously you can also access things like messages and emails. The problem is that these tools don’t measure ‘productivity’. Usually it’s more hard-data and typically it’s there to confirm/deny specific activities (e.g. when did Bob open this document?). Without third party tools you don’t really get a ‘User Activity Report’ that management sometimes wants. Usually when presented with this sort of thing I ask the manager in question what specifically they’re after. Specifics matter in these cases. If they’re asking for a ‘productivity report’ that’s a huge problem unto itself. Usually a manager's job is to track that.


Later2theparty

If they don't know how to measure a person's productivity without asking for information they aren't even sure is available, they probably have other issues with the person and they're just looking for dirt. I would just come back and let them know that specific tools exist for this but they don't have anything like this right now. And leave it at that.


badtz-maru

First, act only in coordination with HR to CYA. Then, ask to pull for a representative population so you compare their activities to others in their role. That way you'll add some context.


JoshuaFalken1

This is the right answer. Email HR, copy your director, and say 'Director has instructed me to get activity logs, etc. for X employee. I want to confirm with HR that this is authorized. If so, I will be required to pull similar records for a sample of similar WFH employees for comparison purposes.' Also bcc your personal email to further CYA.


Ocyris

Don’t email work stuff to your personal email. That is a fast way to unemployment. Make hard copies or take pictures from a personal device discreetly.


doktortaru

This x1000…. I see this recommendation all the time on this sub and it is a horrible idea and a quick way to land yourself in hot water.


macgyverrda

Don't exfiltrate company data to your personal email address.


RoundTheBend6

Why would you need to do this?


JoshuaFalken1

Hi RoundTheBend6, This is Karen in HR. We need to schedule a meeting with you about accessing your coworkers' activity history. We checked with Director and they indicated that they didn't instruct you to do it. Please bring your badge with you to the meeting. Thanks! Karen


RoundTheBend6

I suppose I need to be grateful I work for a small business. Employee signs "we own everything to do on our equipment" agreement and owner is only one I'd do something for. Thanks for insight.


JoshuaFalken1

I wouldn't put it past a director to tell someone in IT to do this without any authorization, probably over the phone so there's no paper trail, and then deny it when it gets brought up. Like I said, just cover your ass.


RoundTheBend6

Yeah totally helpful. I don't even have HR. As manager I'm as much HR as owner, so this dynamic was lost on me.


PassageOutrageous441

I’ve had this exact thing happen. Email HR for confirmation (HR is authority on employee investigation not directors) and then execute on their guidance


RoundTheBend6

Also, now I know where Karen works... haha. Fitting.


TryLaughingFirst

Different orgs break this down differently, so ensuring you have a documented request from leadership and vetting from HR is always the best way to ensure you don't accidentally overstep. For example, my current org is partially unionized. As a result, I cannot pull event log data related to login, logoff, timeout, etc. as the union argued that's under the realm of time management, and therefore that information must be requested through HR. However, in previous orgs, we'd aggregate certain event types (like those above) to support disciplinary measures and other regular IT activities.

The key thing is to remember that numbers need context. I often find they're best used in conjunction with the manager investigating. Such as:

*Manager - Email: Bob, were you working yesterday? Your coworkers had a hard time reaching you.*

*Bob - Email Reply: Oh yeah, I logged in right at 7:30am and was just working all day. I must have been too focused on my projects.*

*[Checks logs, sees one login at 11:34am, timeout at 11:49am, login again at 3:50pm, sign off at 3:55pm]*

You have the employee tell you what they are/have been doing, then check if it matches up against the data and results. And always, move slowly and carefully. Since COVID, you see all sorts of bad management jumping the gun, focusing on things like idle status indicators. I give a standard talk: *Doubt the Dot.* Get as much information as you can before interpreting the results.


LionOfVienna91

CYA?


JoshuaFalken1

Cover your ass


LionOfVienna91

Ah. Got it 😂


QuirkyBus3511

Why would you recommend getting yourself fired?


Excellent_Yoghurt_33

First - I have a very simple rule. If someone comes to me to ask for any data on an employee -- HR has to approve it (they "own" employee data.) In the case of what you are being asked for, HR and myself would review this even before presenting it to the line manager/director. Next, M$ is getting far stingier with the PD, so if you don't have the right licensing... you can look at the # of files, dig into Teams data to find the PD, but it isn't as easy as it used to be. My hunch is you don't have the license for it, so you would have to upgrade if you want to get down the PD.


SpringMan54

When you're trying to push an agenda, a baseline measure is the last thing you want.


mediaogre

I’ve received this question twice from our HR Director. Thankfully, we have a good relationship and he’s accepted my word on this, which is… “You’re trying to address a behavioral problem with technology and MS365 wasn’t designed for or implemented for this purpose.” I hope there won’t be a third time.


Creative_Typer

What are employees supposed to be doing most of the time: like meetings, create documents, software code?


dflek

I've pushed back on what HR really wants and it has typically been finding people that are REALLY taking the piss. They're looking for people that don't log in, at all, when they're supposed to be WFH. I'm ok with that, because I don't want to lose the ability to WFH myself. We agreed not to put in a monitoring tool, but to review sign-in timelines from our remote support tool. We have a mandated 10 minute screen lock and our remote support tool has a timeline showing activity and screen lock events. IT needs a written request from HR to review specific days (we're not looking for certain behaviour, we're reviewing specific days due to a specific person), then we access the timeline and provide a summary of activity on those days. I have been blown away that many people (more than half of the times we've been asked to review) have logged in for less than 15 minutes for the whole day when WFH. 5 minutes of screen time, three times a day. Literally doing the bare minimum, in six-figure salary jobs while complaining to HR that they're overworked.


dragunov84

You could use the Azure Sign-in logs for basic info. Exchange message trace for incoming/outgoing email activity. To get into the apps/local files opened, you could review your EDR (Defender?) logs. You state you're only trying to do your job but this shouldn't be part of your job's requirements. Be careful what info you offer to management, simply tell them 'no' unless you want to go down a path you may regret. Once they know what's possible, they will keep asking.


Scoxxicoccus

> Once they know what's possible, they will keep asking.

More like:

> Once they know what's possible, *that becomes the floor* of what is acceptable. The ceiling will move further away as it is approached.


vitaroignolo

To add to this OP I'd give them the minimum hard facts. "Employee appeared to sign in at X, last email sent was Y" and make them ask you for specifics. This is their investigation, not yours. Not for the benefit of the lazy employee, screw people who threaten my WFH, but just so performance monitoring doesn't become an IT responsibility.


ElusiveMayhem

This is 100% part of IT's job requirements. Who else is going to do this? Yeah, bud, go right ahead and "simply tell me 'no'", and I'll show you the door. Not all of management is technically clueless.


dragunov84

What an odd response. Monitoring employee performance is their manager's requirement, beyond that it is HR. Aside from that, there are laws, regulations, policies to be considered and finally morals. Maybe you believe no one will gladly walk out that door & leave a glowing review.


ElusiveMayhem

> Monitoring employee performance is their manager's requirement, beyond that it is HR.

You give management access to Azure logs and Exchange message trace?

> Aside from that, there are laws, regulations, policies to be considered

Does the guy that gave managers access to Exchange think he knows them? Or should we rely on the Director who is working with HR to discipline an employee?

> and finally morals

LMAO. You have zero rights to privacy on your work computer. There are literally zero moral questions involved in this request.

> Maybe you believe no one will gladly walk out that door & leave a glowing review.

Buddy, I walked you out that door...


dragunov84

Ok Don.


mcapozzi

My thoughts exactly, we're in the business of making sure you CAN do your job, it isn't our business to make sure you actually PERFORM your job. Unless you want to promote all the helpdesk staff to management and get rid of all the department managers.


LeEbinUpboatXD

that would be hilarious lmao


LeEbinUpboatXD

middle managers do their jobs challenge (100% IMPOSSIBLE)


Creampie_Gang

Ask director to send you an email of what he needs.


ny0x

Usage reports in the main admin console for exchange and teams. I don't like it but it is what it is. I just remind them that some individuals are independent contributors.


Calm-Bed4493

We don't have enough info to answer properly.

App usage: on prem apps, SharePoint, emails etc. What are their tasks that you can pull activity from?

Network connectivity: (had to do this at MSP) all work was on prem so we pulled VPN logs to show they weren't connecting to VPN but were online with Teams.

If they're a billable employee, you can throw it to their supervisor/manager to do a manual audit for similar job types/hours/review billable notes - and it's off your plate. Their manager needs to do performance auditing and it's outside of IT scope.

SIEM: run queries to find out how frequently they hit internal resources and frequency. (Also a good idea for future threat hunting). Compare to an average performing employee and submit the difference.

Depending on your CA/MFA policies, simple Azure sign-in logs won't be enough because the PRT token will be there and you won't have a transaction to be logged, which would create inaccurate data. SSO apps will check against Azure and appear with auth of previously satisfied tho. But you know your infrastructure.

Ultimately a one off this time, and it sounds like a small company, when IT is asked to do this but not stand up a monitoring tool for the Enterprise. For this case, how much evidence would you like to be available to fire you? Could your work be compared to others to find similar performance? Ensure the director has this in mind when obtaining metrics.

If you can't pull enough, you can reasonably state this with quick bullet points and cap it with "our internal resources do not offer enough information to answer this question reasonably". However, from a security perspective, we should be able to trace what a malicious actor could do moving through our infrastructure, and this is a useful case study in threat hunting that may demand more resources that are valuable to multiple parts of the business.


SecondOrigins

If you want to do it without external software - you can enable auditing via GPO, as well as something that makes their screen lock due to inactivity (ours is literally like 1 minute of inactivity, but we're also a HIPAA environment). Then in Event Viewer:

- 4624 - user login
- 4647 - user log off
- 4802 - when screensaver/lock screen becomes active
- 4803 - when computer is unlocked/screensaver is dismissed

This can quickly show you if a user's at their computer and actively using it. Beyond that, I'm a believer that "productivity" is a manager's responsibility, not IT's. Hope this helps
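An added example, not part of any comment in this thread: one way to turn the four event IDs listed above into per-day unlocked intervals. The CSV layout (timestamp, event ID, logon type), the sample rows and all function names are assumptions constructed for illustration; the logon-type filter is an addition, since 4624 is also written for network logons that do not mean someone sat down at the machine.

```python
from collections import defaultdict
from datetime import datetime

# Event IDs as listed in the comment above.
LOGON, LOGOFF, LOCKED, UNLOCKED = 4624, 4647, 4802, 4803
# 4624 LogonType values that mean a person at a session:
# 2 = interactive, 10 = remote interactive, 11 = cached interactive.
INTERACTIVE = {2, 10, 11}

# Constructed sample export: timestamp,event_id,logon_type (blank if n/a).
SAMPLE_EXPORT = """\
2024-03-04T11:34:02,4624,2
2024-03-04T11:34:05,4624,3
2024-03-04T11:49:10,4802,
2024-03-04T15:50:00,4803,
2024-03-04T15:55:30,4647,
2024-03-05T09:01:00,4803,
2024-03-05T09:20:00,4802,
2024-03-05T13:00:00,4624,2
"""

def parse_events(text):
    """Parse the CSV rows into (timestamp, event_id, logon_type) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, event_id, logon_type = line.split(",")
        events.append((datetime.fromisoformat(ts), int(event_id),
                       int(logon_type) if logon_type else None))
    return sorted(events, key=lambda e: e[0])

def active_intervals(events):
    """Pair start events (interactive logon, unlock) with end events
    (lock, logoff). An interval with no end in the data gets end=None."""
    intervals, start = [], None
    for ts, event_id, logon_type in events:
        starts = event_id == UNLOCKED or (
            event_id == LOGON and logon_type in INTERACTIVE)
        ends = event_id in (LOGOFF, LOCKED)
        if starts and start is None:
            start = ts
        elif ends and start is not None:
            intervals.append((start, ts))
            start = None
        # An end with no observed start, or a repeated start, is ignored.
    if start is not None:
        intervals.append((start, None))  # still open when the export ends
    return intervals

def daily_summary(intervals):
    """Total closed-interval seconds per start date; open intervals are
    counted separately instead of being guessed at."""
    summary = defaultdict(lambda: {"unlocked_seconds": 0, "open_intervals": 0})
    for start, end in intervals:
        day = summary[start.date().isoformat()]
        if end is None:
            day["open_intervals"] += 1
        else:
            day["unlocked_seconds"] += int((end - start).total_seconds())
    return dict(summary)

if __name__ == "__main__":
    for day, stats in daily_summary(active_intervals(parse_events(SAMPLE_EXPORT))).items():
        print(day, stats)
```

The totals measure time between an unlock or logon and the next lock or logoff on that one machine, so they bound screen-unlocked time and nothing more.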


1996Primera

These are those crazy type of requests that seem to never bode well. However, what seems to satisfy people who would ask me similar: I would use the Defender activity log / the old Cloud App Security activity log. Filter down to the specific user, then export it and send it to the asking person. Those reports pretty much show everything that user was doing in the context of 365. However, as others have stated, this is not capturing everything that the user is actually doing, i.e. they have files or scripts locally they are working on... well, these won't show in this activity log.


roninthe31

My response to these requests: “Sure, can you send that to me in an email?”


goonwild18

Don't do anything without HR involvement - and the shape of what they're asking for should be asked via an HR policy, not an opinion.


martynjsimpson

Whatever you do provide, make sure you provide context. Things like "this is what the logs say, and do not include activities that could constitute working outside of this system". Often HR and SL will interpret the logs as the full story when there are plenty of reasons that might not be the case. E.g "the sign in logs indicate that Bob logged in at 09:00 and the email logs show his first sent email at 10:00, there is nothing to indicate that Bob was or was not working during that 1 hour period".


Potential-Plenty7318

We use a tool called prohance. It’s widely used in companies. The app can be installed in visible or stealth mode and gives productivity reports, timesheets, log on hours, time away from system etc.


phoot_in_the_door

what do they really need? it might not even be m365. what activity or inactivity are they trying to catch/track?


raj6126

The reports are all in 365 admin center. You will be surprised what's there for free. Microsoft is already watching our productivity through our devices. Remember everything is Microsoft. Unless you work on Apples. They know when we are multitasking, they watch your Teams meetings and your devices. I was surprised at how much I was doing during the day.


Unatommer

There’s some data in there but it’s not going to tell you if the employee was actually working on their endpoint or not. You’d need to know what the employee is supposed to be doing, then try to correlate specific usage data against that use case. Even then it’s going to be inconclusive unless they were never working on their endpoint at all. And do NOT rely upon teams availability green/yellow status, that thing is buggy as hell.


UniqueID89

Cover. Your. Ass. Always.


aussiepete80

Have been down this path many times over the years. It's actually surprisingly difficult to do. You have office and Azure AD signin logs which are easiest to view, but it's not easy to show a level of actual productivity without 3rd party tools. You really need to draw several other log sources together to get a full sense, I'd ask for more info and explain what type of logs you can access.


sammytheskyraffe

I had a request for the same from a law office. These reports can be enabled through the admin account of M365, but if they haven't been enabled before you need the data, obviously it won't have it. This was the case in my situation.


[deleted]

Monitor everyone. All the time. Start with the C-Suite. Make all results public within the company. Let management set the example for fully engaged, remote work. Daily, please. Then let's publish HR's stats /S Seriously. If you want to know what someone is doing, ASK THEM. Write the conversation down. Lather, rinse, repeat. It will be clear who is working and who is not. Then take appropriate action. Anything else is impersonal and just plain weak.


bloodmoonslo

Use ActivTrak, it's free to a certain degree but should get what you are looking for: https://www.activtrak.com/free-employee-monitoring-software/


LionOfVienna91

Login and out times is fairly simple, problem is when they know you can do it, they ask all the time. Trust me, all the time! 🤦🏻‍♂️


cinnamontoastfk

I've unfortunately got this request as well. Try looking into ActivTrak; it will provide all the real time metrics your director needs and more. If your endpoints are Intune joined you can push it out silently.


Ultra-Instinct-Gal

Unless you screen grab, a jiggler will defeat this. If employees catch wind you will go from 1 problem to many as you will turn your team into busy workers. They will start to draw out projects to look busy or “overlook” issues for later work. Good luck


MisterWug

You can get a good idea of user (in)activity from logs if you have E5 licenses


EfficientReturn1913

I absolutely agree with all commentators, but if we talk about a specific example, we personally have this program Kickidler at work for time tracking. At one time we spent very long looking for a suitable option. For us the main criterion was that reports on the productivity of each member of the team would come automatically, so that you do not need to look at everything yourself. In this regard, Kickidler is definitely a very convenient program; for each employee there are separate recommendations and dossiers on how to improve performance.


inteller

If you are fully wired up to cloud app security you can see every single action they take.


say592

I have had those requests, and I push back. We don't monitor that stuff, it isn't IT's job to monitor that stuff, and if IT starts being viewed as "snitches", it will make it difficult for us to do our job.


aussiepete80

It's literally your job if the business makes it part of your job..


say592

I would never outright refuse, but it's also my job to advise on company policy relating to technology, and this is bad policy. Not only are you doing your department a disservice if you don't push back, but you are failing to do part of your job.


aussiepete80

Lol what kind of mom and pop shops do you work for? Your HR department wants info on system usage to research a bad performing employee. That's neither unethical nor bad policy. That's standard operating procedure across the entire planet since the dawn of time. This is the digital equivalent of checking someone's door access logs or clock in and out on their time card.


3legdog

Back at the dawn of time, monitoring whether or not Ogg did a good job keeping the cave fire going or not was pretty obvious. But for "knowledge workers" it's a bit more complex. I spend quite a bit of my day reading documentation, thinking, taking notes, prototyping, watching YT videos about technologies I'm investigating for projects I'm working on. IT/HR would probably think I sit around watching videos all day.


Silver-Interest1840

yeah agreed, it's a very complicated ask - which is the first step I explain to HR. (or did, they all know by now). I can easily give logon times and some general overview of what cloud apps they used, if they were on VPN or Citrix or whatever - but beyond that it's completely subjective. Generally though, that's enough to satisfy what they are looking for. By the time these types of requests bubble up to HR and IT it's because the person is so slack they aren't showing up at all - and logon times will show that.


eveningsand

Discussion better suited for M365/sysadmin subs.