Sounds like he’s remoting into the computer in the office from another computer at home (pretty common in IT since you probably have admin tools perfectly configured on that computer and specifically configured for its network config) but with Windows Remote Access it lets the person physically at the computer see everything by default. But i would really hope that someone in IT would be painfully aware of why you shouldn’t do sensitive personal browsing on a work computer or a work network
pretty common in IT
I’ve never heard of anyone in IT regularly remoting to their work computer.
If we remote anywhere it is to a jump host, and those are terminal servers, so no monitor connected.
I don’t RDP that often to physical devices, but I’m pretty damn sure the default settings for RDP forcefully logs/locks out your user on the physical device and only your lock screen is visible. I have never tried it but I’m also pretty sure it’s possible to have two logged in users at once, one using RDP and one using the physical device.