How Microsoft Teams' New Activity and Location Tracking Actually Work—and Why They're Raising Red Flags

How the New Tracking Features Work

The concern is driven by two distinct capabilities.

1. Stay Available When You’re Active (Web)

This is a user-enabled setting for Teams on the web. Once you toggle it on, Teams can detect activity on your device—such as typing in a document or moving your mouse—even when the Teams browser tab is minimized or not in focus. The result is that your status remains "Available" and doesn't switch to "Away" after five minutes of inactivity within the Teams tab . To function, the browser must be compatible (Chrome v94+ or Edge v114+) and will prompt you for permission to detect this activity .

2. Workplace Check-In via Wi-Fi

Part of the Microsoft Places service, this feature allows an organization to automatically update an employee’s work location to "in the office"—sometimes down to a specific building or floor—when their laptop or device connects to a configured corporate Wi-Fi network . The feature is disabled by default and requires a tenant administrator to create and assign a policy using PowerShell before it does anything . Microsoft's documentation also notes that location data is collected only during configured working hours and is deleted daily .

Microsoft's Stated Rationale

Microsoft frames both features strictly as productivity enhancers for hybrid work, not as monitoring tools. The web presence feature is meant to solve the long-standing annoyance of appearing "Away" to colleagues while you're actively working in other apps or browser tabs . For Workplace Check-In, the company says the goal is to help employees coordinate in-person collaboration seamlessly by keeping their location status up-to-date automatically . A Microsoft spokesperson directly told Fortune, “It is not a monitoring tool and we do not support employee surveillance in any way” .

The Core Privacy Challenges

Despite the productivity framing, several major privacy issues emerge.

Coerced Consent in an Opt-In Model

Both features require enablement and explicit consent. Workplace Check-In is off by default, admins must turn it on, and employees reportedly can consent or refuse . The web presence feature is a simple user toggle . However, critics and labor experts warn that opt-in offers little protection if an organization treats participation as a de facto requirement. An employee who refuses when the rest of the team is enrolled could fear signaling non-compliance or a lack of transparency . The “choice,” in practice, can become coercive.

Secondary Use and Function Creep

The stated purpose of Workplace Check-In is coordination, but the data it generates—connecting to the office network—is a powerful proxy for attendance. This creates a palpable risk that data collected for one reason could be repurposed for another, such as enforcing return-to-office mandates, monitoring attendance, or even factoring into performance evaluations . Microsoft may not build the analytics dashboard for these secondary uses, but the legal and practical responsibility for how employers use that data falls squarely on the organizations that deploy it .

A Blurred Line Between Helpful and Intrusive

The automatic nature of the data collection is a key sticking point. With Workplace Check-In, simply connecting to Wi-Fi updates your status without you actively doing anything, creating a persistent awareness of your location . Similarly, the web presence feature creates an "always-on" awareness of your general device activity, something many employees may not fully grasp when approving a browser permission pop-up. Critics argue this blurs the line between a helpful status update and a surveillance mechanism .

Significant Legal and Regulatory Exposure

The European regulatory environment is especially challenging for these features. Legal experts have explicitly warned that the Teams 2026 location features will test strict workplace privacy laws, particularly in Germany and Austria, where mandatory works council consent and individual employee approval may be required before any such monitoring is implemented . Employers deploying these features must assess whether the data collection is transparent, necessary, and proportionate to the stated business purpose under regulations like the GDPR. Without such justification, organizations face tangible legal risk .

The Decisive Factor: Who Can See the Data?

The acceptability of these features pivots less on the raw technology and more on visibility. Knowing that a direct supervisor can see you're in the office to schedule a quick meeting feels proportionate to a legitimate business aim. That same data being visible to every colleague, or being fed into an HR analytics dashboard that tracks patterns across a department, is far more intrusive and difficult to justify under data-minimization principles .

This is where a critical gap emerges. The available evidence does not clearly show whether Microsoft provides granular access controls that would allow an organization to restrict location visibility to a line manager only, versus making it broadly visible. How organizations configure and govern this visibility will ultimately determine whether the tool is a reasonable coordination feature or an instrument of disproportionate surveillance. That ambiguity itself is a principal element of the privacy concern.