Microsoft365 is a cloud service offered by Microsoft for employees of the RWTH Aachen University and through which various office products (e.g. teams) are available. RWTH Aachen University has limited the use of Microsoft365 organizationally and technically to the application Teams and, for local use on business devices for work-related usage, the applications OneNote, Outlook, Word, Excel, and PowerPoint.

The offered services are provided on servers that are not located in the RWTH Aachen University data centers and to which the RWTH Aachen University has no physical access. Microsoft alone is responsible for the services offered there.

The authentication for Microsoft365 is realized via the Single-Sign-On Account (Shibboleth). Please confirm the following points for use:
 

•     Notice of the transmission of personal data to Microsoft. This data is concrete: first and last name and e-mail address and serves exclusively to identify the user.
•     Since Microsoft365 is a software with US origin, US export control law must be observed in addition to directly applicable national and supranational law. You can find further information here.

The following general conditions apply for use:

1.     The use takes place over a separate area m365.rwth-aachen.de, which was put into operation exclusively for this purpose
2.     The new M365 area has been reduced, as far as technically possible, to the use of the following apps: Microsoft Teams, as well as OneNote and the Office applications Outlook, Word, Excel, and PowerPoint. All but the former are only available for work-related usage on business devices. This means that no further M365 apps can be used by employees, and no further third-party apps can be integrated into Teams itself
3.     The transfer of personal data (i.e. first name, last name, e-mail address) is controlled by the IT Center
4.     Authentication is done via the Single Sign On Service (Shibboleth) of the RWTH. No access data (user name + password) is passed on to Microsoft

In addition, the user has the following obligations:

1.     The need for protection of the data stored in Microsoft365 must be checked with regard to the data category, the need for protection and suitability and, if necessary, must be coordinated with the data protection officer of RWTH Aachen University.
2.     The backup of data stored in the cloud is the responsibility of the respective user
3.     The use of Microsoft365 for private purposes is not allowed.
4.     Applicable contractual agreements, legal regulations or RWTH internal guidelines for the use of data must be observed and, if necessary, coordinated with the data protection officer. Examples are agreements with third parties on confidentiality or legal requirements from the German Data Protection Ordinance (DSVGO), which may preclude storage with a cloud service or only allow it under certain conditions. The following applies in particular:
   1.         Personal particularly sensitive data in accordance with Art. 9 Para. 1 DSGVO may not be stored in the cloud either unencrypted or encrypted. This includes data revealing racial or ethnic origin, political opinions, religious or ideological beliefs or trade union membership, as well as the processing of genetic data, biometric data for the unambiguous identification of a natural person, health data or data relating to the sex life or sexual orientation of a natural person.
   2.         General personal data not covered by the data mentioned under a. are only to be stored in encrypted form. Unencrypted storage is not permitted.
5.     The valid license and usage conditions of Microsoft must be adhered to: https://www.microsoft.com/en-US/useterms and https://www.microsoft.com/en-us/legal/terms-of-use