Activity History in windows: full user guide

Activity History is a Windows feature that records user actions such as opening documents, launching apps, and browsing in Edge to help users resume tasks across sessions and devices. For instance, an employee at SPI Health and Safety in Canada working remotely on a shared laptop can continue editing the same Word document later on their PC using their Microsoft account. While it’s especially useful in hybrid work environments, there are extra security and diagnostic reasons that other Windows users might find it useful.

Here’s everything you need to know about understanding and using Activity History in Windows.

Why should you track Windows Activity History?

Not tracking Activity History in Windows or, more specifically, failing to properly retain and analyze activity logs, might set you up for future problems. Imagine your laptop is suddenly acting really weird (pop-ups, slow internet, or even some missing files). You try to remember what you did in the last few days, but because your computer wasn’t keeping a “history log” of apps you opened, websites you visited, or files you downloaded, you have no idea when the problem started or what might have caused it.

It’s like trying to solve a mystery without any clues, leaving you scrambling to fix it and worrying if your personal info is safe.

The real risks include:

• Reduced security posture and incident response: Without Activity History, it’s incredibly difficult to detect, investigate, and respond to security incidents like unauthorized access, malware infections, or insider threats. You lose crucial forensic data that shows what happened, when it happened, and who was involved, making root cause analysis and remediation nearly impossible.
• Difficulty in troubleshooting and problem diagnosis: Activity History provides a valuable record of system and application behavior. Without it, diagnosing the reason for system crashes, application hangs, performance issues, or unexpected reboots becomes significantly more challenging and time-consuming. You lose the context of events leading up to a problem.
• Compromised compliance and auditing: Many regulatory frameworks (like GDPR, HIPAA, and PCI DSS) require organizations to retain logs of user and system activity for specific periods. Failure to do so can result in hefty fines, legal penalties, and damage to reputation.
• Lack of accountability and user monitoring: In a multi-user environment, Activity History helps RMM tools track user actions, which is essential for accountability, identifying misuse of resources, or understanding productivity patterns.

A lack of effective, real-time user activity monitoring and insufficient logging can lead to a significant delay in detecting insider threats, making accountability difficult and allowing data exfiltration to occur undetected. Proofpoint, a cybersecurity vendor, sued a former executive for allegedly stealing confidential sales data. Proofpoint’s internal systems and insider threat software reportedly failed to alert admins about suspicious activities, and it was months before Proofpoint’s security realized any theft occurred.

» Improve monitoring by enabling and using WinRM

Benefits of enabling Activity History in Windows

Aside from diagnostic data and improved security, you can expect the following benefits from enabling Activity History:

• Seamless task continuity across devices: Activity History allows users to resume work, like editing a document or browsing a webpage, on another device using their Microsoft account. This cross-device continuity boosts productivity in hybrid work setups where employees might split their time between an office, their home, and potentially other sites.
• Enhanced productivity through Timeline recall: Users can revisit previously opened apps, files, or websites, reducing time spent searching for content and boosting overall productivity. This feature is especially useful in fast-paced environments with frequent multitasking like digital marketing, software development, customer support, and IT.
• Improved user experience in shared or rotating workstations: In organizations with shared devices, Activity History helps users maintain session continuity. For instance, in a call center setup, agents can resume CRM tasks without reloading data manually. This minimizes friction and improves operational flow.
• Integration with Microsoft Services for personalized suggestions: Activity History feeds into services like Cortana and Microsoft Launcher to offer context-aware recommendations. A project manager using Outlook and Teams may receive prompts to reopen related documents or join meetings based on recent activity.
• Auditability and workflow tracking in enterprise environments: In compliance-heavy industries like healthcare and finance, Activity History can support internal audits by showing app usage patterns and document access timelines. While not a full forensic tool, it complements enterprise monitoring platforms by offering endpoint-level visibility.
• ESG and sustainability: Forward-thinking organizations like NTT Data (Tokyo) have explored using Activity History to track idle time and app usage patterns, helping reduce unnecessary energy consumption on endpoints. This supports Scope 2 emissions reporting and aligns IT operations with broader sustainability goals.

» See our top hardware monitoring software for 2025

How to view, enable/disable, and clear Activity History in Windows

Locally, through system settings

Please note: Since January 2024, Microsoft has removed Timeline in Windows 11 versions 22H2 and 23H2lk, meaning this method will only work on older versions of Windows. If you’re considering upgrading from Windows 10, be sure to manually clear old Timeline data via the dashboard to avoid residual cloud logs.

Otherwise, follow these steps:

1. Press Windows + I to open settings
2. Go to Privacy & Security > Activity History
3. Scroll to view options like “Store my activity history” and “Clear history“
4. Toggle “Store my activity history on this device” to On or Off, depending on your preferences
5. (Optional) Uncheck “Send my activity history to Microsoft” if you wish
6. Click “Clear history” to delete existing logs

This shows local activity such as app launches, file access, and browsing (via Edge), but it doesn’t display a full timeline of actions. If you’re on a more recent version of Windows but are still worried about better diagnostics or troubleshooting of Microsoft services, you can enable various degrees of diagnostics and personalized experiences through Privacy & security > Diagnostics & feedback.

If you still want to view local activity in recent Windows versions, your best options include:

• Recent files, favorites, and shared data in File Explorer
• Microsoft Privacy Dashboard for cloud activity, outlined in the section below
• Third-party tools like Atera’s IT Automation

Exporting local activity history

Unfortunately, local activity history stored on the device (e.g., app launches or file access) cannot be exported directly via Windows Settings. There are some manual extraction methods using PowerShell or third-party tools, but these methods are not officially supported and may lack completeness or correct formatting.

Through Microsoft Privacy Dashboard

Follow these steps:

1. Visit Microsoft Privacy Dashboard
2. Sign in with your Microsoft account
3. Navigate to Empower your productivity

Here, you can view cloud-synced data like:

• Browsing history (Edge)
• Search history (Bing)
• App & service usage
• Location activity
• Media consumption
• Chrome extensions

Each category includes options to download, delete, or filter data, as well as offering you the ability to use the dashboard to audit cross-device activity and clear sensitive data regularly.

» Here are 5 ways cloud innovation enhances IT management

Clearing cloud-based activity

Follow these steps:

1. Visit the Microsoft Privacy Dashboard
2. Sign in and expand categories like App activity, Search history, or Location
3. Click Clear all activity for each section

Cloud deletion removes data synced across devices via Microsoft accounts. Remember to clear both local and cloud history to ensure full privacy, especially after switching devices or accounts.

» Stay protected by understanding the biggest threats to cloud storage security

Exporting cloud activity history

It’s possible to export your cloud activity history—but only partially and with other limitations. Follow these steps:

1. Visit the Microsoft Privacy Dashboard
2. Sign in and go to Empower your productivity
3. Select categories like App activity, Search history, or Location and click Download

The limitations of this method include:

• Format restrictions: Cloud exports are delivered in JSON, which may require conversion for readability or integration.
• Partial data: Only cloud-synced activity is included; local-only actions like offline app usage are excluded.
• Compatibility risks: Migrating data to another system (e.g., new PC or OS) doesn’t restore Timeline or session continuity.
• Data integrity: Manual exports may omit metadata or misalign timestamps, especially if done via third-party tools.
• Privacy controls: Some categories (like InPrivate browsing) are never stored or exported.

» Learn more about how AI is leading the digital IT transformation and discover the best endpoint management software

What if Activity History isn’t working? 5 troubleshooting tips

If Activity History isn’t displaying, syncing, or doesn’t stop collecting even after being disabled, here are some practical troubleshooting tips you can try:

• Verify Microsoft account sync: Go to Settings > Accounts > Your Info and confirm you’re signed in with a Microsoft account. Activity syncing requires this.
• Update windows: If you don’t have automated Windows updates, go to Settings > Windows Update and install pending updates. Sync issues often stem from outdated builds, so you should consider updating various drivers as well.
• Clear cache files: Delete ActivitiesCache.db from Users\{username}\AppData\Local\ConnectedDevicesPlatform. This resets corrupted local logs. If you can’t find the necessary folders, be sure to show hidden items by clicking on View > Show > Hidden items.
• Use Microsoft Privacy Dashboard: Visit Microsoft Privacy Dashboard to confirm cloud data status and manually clear or verify synced history.
• Restart your device: After making any changes to Activity History settings, be sure to restart your device to ensure that settings take effect. Some users have reported lingering logs due to delayed cache clearing.

Taking Windows Activity History a step further with efficient, automated IT management

The comprehensive tracking and intelligent management of Windows Activity History can help you cultivate robust cybersecurity, efficient troubleshooting, and transparent accountability within your organization. Neglecting this vital data stream leaves your systems vulnerable, complicates incident response, and hinders productivity.

For IT professionals seeking to maximize these insights, leveraging enterprise IT management platforms offers a significant advantage. Tools like Atera go beyond native Windows capabilities by providing endpoint-level tracking and robust export options, empowering both internal IT teams and consultants with the data they need.

While Windows itself lacks native behavioral dashboards, platforms like Atera enable IT teams to correlate Activity History with crucial data points such as endpoint performance, login patterns, comprehensive audit logs, and application usage. This correlation is vital for detecting anomalies; for example, a sudden spike in document access outside business hours could flag a potential insider threat, especially critical in sensitive sectors like finance or legal.

Furthermore, these platforms provide a centralized view of system events and device health across multiple users and locations, even when Windows telemetry is disabled. With AI-powered reporting and automated audit trails, solutions like Atera help IT departments maintain compliance with stringent standards such as HIPAA or GDPR.

Admins gain the ability to filter logs by technician, device, or action type, and easily export them for audits or QBRs. This centralized oversight ensures that user activity is traceable, secure, and aligned with organizational policies, even in complex remote or hybrid environments. Atera’s AI Copilot further automates IT actions, empowering teams to transform raw data into actionable intelligence, ensuring a more secure, stable, and productive environment.

» Interested? Start a free trial today