Deutsch Intern
  • 50-jähriges Jubiläum des Rechenzentrums
Information Technology Centre

Privacy and information security issues

Why can't the free personal Microsoft account be used for official use?

The university is responsible for personal data it processes. The university must comply with numerous regulations, such as archive law, data protection law, budget law and tax law. The necessary control is only possible with the Campus and School Agreement from Microsoft. In addition, with a personal Microsoft account, the contract exists only between you and Microsoft; the Microsoft Campus and School Agreement has been concluded by the university.

How can I use Microsoft 365 even more securely?

We recommend enabling two-step verification at login and regularly checking your account activity.

In addition, you can use Cryptomator or Veracrypt, for example, to additionally secure data that requires special protection against unauthorized access.

Is Microsoft 365 secure as a service?

Microsoft has comprehensive security certifications. However, there is no such thing as 100% security.

The customer data is at rest in the EU and Microsoft has a BSI C5 certificate, which would even allow federal authorities to use it in appropriate cases.

May personal data be processed at all by Microsoft, a US corporation?

Yes, as long as Microsoft offers legally appropriate safeguards. Microsoft processes the files and folders as a processor bound by instructions for the provision of the service, including further development and support. Guarantees are in place with standard contractual clauses and additional safeguards. Residual risks have been accepted by the university management.

Can the university's Microsoft account be deleted?

Personal accounts are deleted timely after the data subject has left the university or the project has ended.

What do I need to be aware of when sharing files via OneDrive or creating teams with Teams?

Please always enter your full email address or Microsoft Account with copy and paste, otherwise other people with the same name may gain access.

What measures have been taken for even more data protection?

Login

The password is not stored at Microsoft when logging in with a Microsoft account of the university.

Windows

If you are using a university-managed endpoint, Windows 10 diagnostic data is reduced to the "Security" level.

Office

For Microsoft Office applications, the level has also been set to "required" or "neither". In addition, users can download your diagonal data viewer via the Microsoft Store for Education.
In addition, the optional connected experiences in the Microsoft 365 App for Enterprise, Office for the web, Teams, and Whiteboard have been disabled.

Reduction of services

Some services from Microsoft 365, such as Exchange Online or Yammer, have been deactivated.

Analytics

Services such as MyAnalytics, the productivity score, Delve, Viva are not provided. Usage reports on the use of services are only aggregated.