Why should it be? A faulty software update from a 3rd party crashes the operating system. The exact same thing could happen to Linux hosts as well with how much access those IPSec programms usually get.

Can they find out?

No, not really. The Metadata doesn’t have a “pirated” flag and something like the product key doesn’t get saved. Microsoft themselves probably know due to their telemetry but even they can’t be bothered about it. I would bet that even you send a pirated document to the Microsoft CEO, they wouldn’t notice or even care enough to look for it.

But as always there is the important rule of “don’t fuck with work stuff, ever”.

It’s already questionable why she is editing company documents on here private PC without either a dedicated and remotely managed work particition + VPN or an O365 online work account. These documents fall under far stricter data safety regulations and the way it is right now, she is personally liable for any data leaks.