Terms of use Microsoft 365 for employees
General Terms of Use
Microsoft365 (M365) is a cloud-based service from Microsoft, which RWTH Aachen University enables its employees to use within a defined framework.
The services offered are provided on servers located in Microsoft cloud data centers and not in the RWTH Aachen University data center. RWTH Aachen University therefore has no physical access to the hardware. However, RWTH Aachen University is responsible for implementing authentication and managing the licenses.
The use of OneDrive, SharePoint Online and Office Web Apps is only possible under the following conditions:
Only employees who previously used the RWTH tenant, which was switched off on April 29, 2024, can apply for an extension for M365. You can find the application procedure here .
The IT Center has also implemented the following framework conditions centrally:
- M365 has been reduced, as far as technically possible, to the following apps: OneDrive, SharePoint Online and Office Web Apps as cloud applications as well as the licensing of locally installed Office.
- The following lifecycle is implemented:
- Accounts of employees are removed from the M365 area after leaving RWTH Aachen University (i.e. users are no longer visible to others and can no longer log in). The final deletion of the account and the data associated with the account in OneDrive will take place 30 days later.
- Guest accounts are automatically removed from the M365 area after 3 months without login (i.e. the users are no longer visible to others and can no longer log in). The final deletion of the account takes place after 30 days.
- For SharePoint sites, after 3 months of inactivity, corresponding notifications are sent to the administrators. If no activity is detected after three reminders at two-week intervals, the respective site will be removed and permanently deleted after 30 days.
- For SharePoint sites, notifications are sent to administrators after 3 months of inactivity. notifications are sent to the administrators. If no activity is detected after three reminders every two weeks, the respective site is removed and permanently deleted after 30 days.
- The following storage limits are assigned:
- Personal OneDrive: 50 GB
- SharePoint (team) site: 1 TB
- The following labels are specified, which can be used to categorize the data: public, internal, confidential, strictly confidential. These labels refer to the data classification and will be explained in the documentation soon.
The following obligations apply to the user. These result directly from Microsoft's license conditions and measures for compliance with data protection and data security:
- Microsoft software and services are used in accordance with the current version of the Product Terms (PTs), the Online Services Terms (OSTs) and the Data Protection Addendum for Online Services (DPA). These can be viewed on the Microsoft website.
- The software and services are to be used exclusively for official purposes or for official projects in compliance with the statutory retention periods and archive law.
- The use of M365 is intended for activities in the context of RWTH Aachen University. Accordingly, the storage of private data in OneDrive and SharePoint online is not permitted, nor is its use for commercial purposes.
- When using M365, the applicable legal provisions and regulations (license law, data protection law, personnel file law, tax law, copyright law, telemedia law, archive law, US export control law, etc.) must be observed.
- You are only authorized to use the software and services during the licensed period. All software must be deleted or services may no longer be used if RWTH Aachen University terminates the MS Federal contract with Microsoft or does not submit an accession or renewal order or does not acquire perpetual licenses before the end of the licensed period, depending on which event occurs first.
- The use of BitLocker keys for employees is not possible. The use of BitLocker must be checked on all devices on which Windows has been activated via the RWTH tenant and deactivated if necessary. If BitLocker encryption or similar is desired, please contact the IT administration of your institution.
- Strictly confidential data must not be stored in the cloud due to the very high protection requirements; accordingly, storage in OneDrive and SharePoint online as well as editing with the Office Web Apps is not permitted:
- Data containing information that could lead to damage or liability for the University if published or lost, as well as personal data for which compliance with data protection regulations or the fulfillment of information obligations cannot be ensured.
Examples of this are:- Personal data (attendance lists or lists of participants at an event), in particular data relating to racial or ethnic origin, political opinions or religious or cultural beliefs.
- Travel or salary statements (financial data, social data, data relating to personnel files)
- Research data that is not intended for the public anyway
- Technical data (construction plans of sensitive rooms; network plans)
- Protected data (sick notes, draft certificates, contracts)
- Examinations (expert opinions and corrections)
- Data containing information where unauthorized access must be prevented. This includes, in particular, information that must be kept secret due to contractual obligations or information that is subject to a duty of confidentiality.
- Data containing information that could lead to damage or liability for the University if published or lost, as well as personal data for which compliance with data protection regulations or the fulfillment of information obligations cannot be ensured.
- Confidential data must be stored in SharePoint online in encrypted form.
- When using OneDrive as a personal document repository, i.e. without sharing the documents with other people, there is an obligation to encrypt the stored data. Corresponding instructions and information on tools will soon be documented in the IT Center Help.
- When using the Office Web Apps, the data processed there is automatically stored in the cloud (in the personal OneDrive area). The same rules apply here as for OneDrive.
- SharePoint Online:
- A SharePoint site should only be used if a team of at least 3 people is working on it.
- To ensure the ability to act and representation, at least two administrators/owners must always be specified for a SharePoint site.
- No central backup is created by the IT Center or Microsoft for the data stored in OneDrive and SharePoint online. Documents can be synchronized to specific end devices. The document versions of the last 30 days are stored online in OneDrive.
- OneDrive and SharePoint Online are not systems for permanent storage in the sense of archiving.
- Sharing documents in OneDrive or collaborating with external parties in SharePoint online:
- Although the use of OneDrive and SharePoint Online is possible between universities for existing contracts or projects, we recommend the use of Sciebo. As an established service, Sciebo already covers this use case.
- Shared use with external companies or research institutions is only possible with existing contracts (e.g. cooperation agreements) that regulate the exchange of data. It must be ensured that all parties have a corresponding license. If you have any legal queries, please contact Department 9.
- Sharing OneDrive and SharePoint Online with private individuals who have no (contractual) relationship with the university is not permitted.
- From the point "confidential" onwards, data may only be stored and shared in encrypted form.
By using M365, you accept the above regulations.
In addition, we recommend the following actions:
- Use the option of labeling the stored data and documents with appropriate categories. Corresponding instructions will be added to our documentation shortly.
- Exclusive use of the WebApps (without alternative local Office solutions) is not recommended due to the lack of the option of purely local storage.
- Please observe the existing RDM processes and solutions at RWTH Aachen University when processing and storing research data.
- The use of private devices is at your own risk.
Do not save/synchronize the data on private devices. If the data is lost on the end device, RWTH cannot provide any guarantee or support.
Terms of use for Microsoft Teams for employees of RWTH Aachen University
Microsoft Teams has been used at RWTH Aachen University with limited functionality since the start of the coronavirus pandemic in 2020. The focus was on enabling video conferences and chats to ensure service operations.
With the introduction of Webex and the associated functionalities, there are overlaps so that the original purpose of Microsoft Teams is no longer given.
A transitional solution will come into force until the end of the Microsoft federal contract (April 30, 2025). In addition to the general terms of use of M365, the following general conditions apply:
- Microsoft Teams will continue to be used via the M365 tenant.
- The use of Microsoft Teams is only permitted for business purposes or business projects.
- Employees may only use Microsoft Teams if this is absolutely necessary for collaboration with external partners.
- This necessity is confirmed by setting the checkbox in the self-service. If this is no longer necessary, the checkbox must be removed. As a result, the Microsoft Teams license is automatically withdrawn after a processing time of up to 24 hours.
- The use of Microsoft Teams is subject to the applicable legal provisions and regulations, including data protection law, copyright law and license law.
- You are only entitled to use the software and services during the licensed period. Use ends upon termination of the Microsoft federal contract or non-renewal of the licenses.
- Lifecycle of Microsoft Teams:
- Accounts: 30 days after withdrawal of the Microsoft Teams license, the data belonging to the Microsoft Teams account will be deleted. Group memberships and content already published in groups will not be deleted when the license is withdrawn. Within these 30 days, the checkbox can be activated again to continue accessing the data. The processing time of up to 24 hours should be considered when deactivating or reactivating the checkbox.
- Groups/Teams: As soon as a group in Microsoft Teams no longer contains any members of RWTH Aachen University, a period of 60 days starts. After this period expires, the group is deleted. Guest accounts do not count as members of a group here.
- Groups/Teams without owners: If a group no longer has an owner, and a new person is to be appointed to take over ownership, all current permanent members (excluding guests) must confirm the new owner. To do this, a member of the team should initially contact the IT Service Desk (servicedesk@itc.rwth-aachen.de). The further procedure will then be explained by the IT Center.
- Guest accounts: Guest accounts are deleted from the M365 tenant 60 days after the last login.
By using Microsoft Teams, you accept the above regulations and are obliged to comply with them.