[coffeefueled]

It varies hugely, and is often more than is obvious.

Logging keystrokes and webcam monitoring is at the extreme ends of the covert/overt spectrum, and the trust/control spectrum. Perfectly possible, illegal in many countries, and betrays a lack of trust in employees (in most cases) that likely means the company has a rather toxic environment. There are some very unpleasant examples of this out there, not only for employees but also students using school-issued equipment.

In a much more subtle example, a company which provides their own DNS infrastructure can effectively monitor internet activity on company endpoints without relying on a proxy, and without the conscious awareness of most employees.