Working on the systems/security/infrastructure side, we can already do this. Endpoint management systems already report wifi-ssid, internal-IP, whether you are using a vpn to try and hide info. SASE/ZTNA solutions provide location data, username, device used, connection details. Conditional access policies in the tenant already do checks against all of this anyway.
The roadmap just makes the whole thing user-facing so there's a status in Teams of where you currently are. But IT knew all along. And if IT didn't have tools deployed to get this info already count yourself lucky to work at an immature org security-wise.
Yeah, it's mostly just a weird feature in terms of ick-factor vs. utility.
I will say that "IT knows where I am" and "my manager / manager's manager / whatever sees where I am on Teams" would represent two very different personal annoyance levels at most companies I've worked at; at most places I've worked getting someone's location through IT required them to be doing something questionable or illegal (ie - working from an unapproved country) or breaking some obnoxious return-to-office policy, not just "hey is Bob out to lunch again or is he over in Building 6 so I can drive-by him with some questions real quick"
People should look up what features "carbon black" has, it's extremely frequently deployed (cb.exe in task manager) and can, (according to their own marketing) provide managers with live feeds of your desktop... So yeah...
First security job I had, the CISO had already declared that enforcing "no Youtube, porn, whatever" at work was a managerial problem and not a security problem [0]. And when management needed data from computers about an employee, they had to go through security -- they couldn't just fish around on their own. HR was involved, there was a paper trail, and requests were scope limited.
There are companies that do incredibly invasive employee monitoring, but those dystopias don't use EDR or whatever. They use some other vendor's spyware to replace management with creeping.
For some reason I'm reminded of the chains or cables used to keep operator hands (Posson's pull-backs) from being crushed in a press brake.
[0] The malware, etc that can come from those sites was a security problem -- but checking if creepy Bob was looking at boobs on company equipment or even just wasting time had nothing to do with infosec.
In my experience the most common use of this data is to build case for firing someone for cause when upper management wants them out. It's rarely used for actual security purposes.
mmhmm. Yea if someone really had the desire they could figure out my online presence and possibly even get a rough idea of what I'm actually doing with my time. Always something you could figure out from an IT network, its just about putting the history together.
But I'll agree that Teams is packaging this information into something more digest-able for middle managers, and that's the rub. There are always manager types who have the epiphany that not everyone is working 100% of the time and it bothers them enough to call it out to subordinates, or if they don't like someone enough they might do a deep dive with IT. Teams already has this indicator to show if you're online, on mobile, in a meeting, AFK, or offline entirely. Its not that the information wasn't there, its just much more front-and-center for managers to be annoying about it.
I disagree. I love and miss this style. Old Car and Driver articles often had the same flair. It’s not always about conveying the information but how we get there. I would love to find more long form, flair writing like this.
I love the analysis. But I hate that the 'fixed' email ends up being wordier for no reason at all.
Brevity has value. Having to bloat content (an email to get past anti-spam; a cooking blog to rank better within Google SEO; ...) brings back memories of high-school english papers, or the modern equivalent ChatGPT.
Another piece of feedback: the link doesn’t look like a link any more. It wasn’t great before, but the verbiage made it adequately clear. But now it’s terrible, because the wording doesn’t suggest an action, and it doesn’t look like a link or a button. You should either restore its underline and lean into “link”, or give a background colour or (generally better) gradient and lean into “button”. But when it’s just a border, it doesn’t look like a button, especially when there’s a tick after it. And change the wording again.
Thanks for this feedback, I actually changed this because some of my clients complained of the opposite, that the link was a bit too "dim" and didn't look like the the obvious Call To Action in the email. But it's all very debatable I agree and I may change this again in the future.
I could but I don't want to, it's even more of a dark pattern and looks way too "spammish" IMO. I don't want my users to find this in their email and think that I'm trying to trick their system. Also I wouldn't be suprised if some antispam tries to detect this as a spam criteria.
Personal anecdote:
I had lived and worked in southern Uganda with a Canadian organization called Kibaale Children’s Fund (now Kuwasha). One day Bram came by our location. We talked a bit - someone told me he was influential and “worked for google or something” and then I learned his real identity and the software he was a part of. I was just on the brink of beginning a career in IT at the time and later in life as my skills and toolset grew I realized his significance. He never spoke of VIM in person during our time and was an incredibly humble quiet man, dedicating his time to helping children in need through ICCF Holland, which operated out of the same school I was working with as I recall. I found Bram incredibly genuine, and was also highly impressed with the ethics he brought to his efforts in the local work in Uganda (where it is typical to see fundraising dollars sliced and diced with admin-fees - ICCF turned every cent of a dollar back into the community.) He will be missed by many in that part of the world for such a massive impact he was able to have through funds raised through VIM. May he rest in peace.
> in Uganda (where it is typical to see fundraising dollars sliced and diced with admin-fees - ICCF turned every cent of a dollar back into the community.)
That’s very good to hear. I donated, but not very much – I assumed that their money would end up going to the wrong places. How did Bram manage to avoid this?
> Compared with other organizations that do child sponsorship the amounts are very low. This is because the money goes directly to the centre. Less than 5% is used for administration. This is possible because this is a small organization that works with volunteers. [...]
> How do you know that the money will be spent right? First of all you have my personal guarantee as the author of Vim. I trust the people that are working at the centre, I know them personally. Further more, the centre has been co-sponsored and inspected by World Vision, Save the Children Fund and is now under the supervision of Pacific Academy Outreach Society. The centre is visited about once a year to check the progress (at our own cost). I have visited the centre myself many times, starting in 1993. The visit reports are on the ICCF web site.
I shouldn’t speak for Bram or ICCF but can point you to the financial docs which give a great explanation https://iccf-holland.org/iccf.html
From KCFs perspective where I worked, during my time there, I fundraised my salary (expenses) personally “door to door” to keep any funds donated to the organization going direct to the kids and community. I understood this was the case for others as well. I believe Bram paid for flights out of his own pocket.
Hey, the main purpose of the tool is not to enjoy visualizations yourself, but to share with your audience if you're musician. Specifically for teasing your songs that are work-in-progress (snippets).
1. You don't need a computer to make a visualizer video
2. You (obviously) don't need Winamp and video/audio capturing software to make a video.
The roadmap just makes the whole thing user-facing so there's a status in Teams of where you currently are. But IT knew all along. And if IT didn't have tools deployed to get this info already count yourself lucky to work at an immature org security-wise.
reply