If the attacker opens the document on a computer connected to the internet, it will.
IIRC, the way it works: the document contains external resources with a unique identifier attached to the campaign, which the document viewer will attempt to connect and fetch. When the document viewer makes the request to retrieve the online resource, it will trigger the alert, collect IP, GEO information, and whatever other data it can collect.
You can use this over the internet, or host internally for internal networks without access to public internet.
IIRC, the way it works: the document contains external resources with a unique identifier attached to the campaign, which the document viewer will attempt to connect and fetch. When the document viewer makes the request to retrieve the online resource, it will trigger the alert, collect IP, GEO information, and whatever other data it can collect.
You can use this over the internet, or host internally for internal networks without access to public internet.