

Microsoft Office 365

Overview Office 365

Office 365 is a software suite by Microsoft that combines online versions of the familiar Office applications (Excel, Word, and PowerPoint) with cloud-based storage and collaboration applications in one subscription service. The goal is to provide a comprehensive range of applications and services that simplify daily work from anywhere and on any device. [1] Microsoft's own cloud storage service, OneDrive, serves as file storage, with 1 TB of storage space available to each user by default. [2] For efficient team communication via text, audio and video, the Teams platform is available so that both large and small working groups can work together from anywhere.

Office 365 is offered in several different models for private, business and educational use. Via the Microsoft Campus Agreement, basic licenses (Office 365 A1) are available for employees and can be activated for interested users through our GWDG portal.

Once a user account has been activated and synchronized, the Office 365 applications can be accessed via office.com using GWDG login credentials. After authentication via the ADFS service of the GWDG (adfs.gwdg.de), the portfolio of available web applications appears. Links to download the client applications are also provided.

Who can use Office 365?

Currently, Office 365 is activated for the employees of the GWDG and the University of Göttingen and can be used productively. This does not include the employees of the UMG and the central administration of the University; there, the use of Office 365 is prohibited and activation has not been approved. Students get access to Office 365 exclusively via Studyhouse (Asknet/Nexway) for a fee of 4,99 €/year. For the MPG, organizational and licensing issues still have to be clarified, so the use of Office 365 is not possible there either.

Activating for Office 365

The following steps are necessary to activate Microsoft Office 365 yourself via the GWDG:

  1. In the account management under External services click on Edit
  2. Click Activate for Office 365 / Teams
  3. Read the data protection information and submit the displayed data protection dialog if you agree
  4. After a maximum of 30 minutes, the user account is activated

Licenses

The pool of Office 365 licenses includes the basic package called Office 365 A1 (for details see License Overview). Licenses are assigned to individual users via groups in the Active Directory (AD) of the GWDG. These groups are created exclusively for this purpose and are equipped with licenses for the individual applications in Office 365.

Activated Applications

The following services are currently activated for the Office 365 users of the GWDG:

The classic Office applications Word, Excel and PowerPoint are only available in an online version and can be used in parallel with locally installed Office programs that were installed using the Office 2019 package (for details see License Overview). In the web applications, only OneDrive can be used as data storage. The data is therefore stored on Microsoft servers, and some notes must be observed, especially from a data protection perspective (see Data Security). Locally installed Office applications also allow access to local resources, so that the processed data can still be stored at the GWDG.

Authentication

User authentication is provided by the ADFS service adfs.gwdg.de, which is operated by the GWDG. Active Directory Federation Services (ADFS) enables single sign-on with the login credentials stored at the GWDG and access to connected services. Microsoft itself therefore does not receive the login password (or other login factors) when a user logs on to Office 365.

User Data

User Synchronization

When a user is activated for Office 365, their account is synchronized from the AD of the GWDG to the Azure AD of the GWDG tenant at Microsoft. This is necessary so that Microsoft can assign all customer data to this account and so that the logon via the ADFS service of the GWDG works. The amount of account information transferred during synchronization can be controlled at a fine-grained level, so that the GWDG AD shares only the user attributes necessary for proper operation with Microsoft. In addition, the groups described above are indispensable for license distribution. The following two tables show which objects from AD are generally synchronized and which associated attributes are involved.

object type | AD → Azure AD | Azure AD → AD | Reason for synchronization | Object filter
user | X | | Access to Office 365 for users | User must be given authorization for Azure access through the IDM, either by an administrator or in self-service.
contact | | | |
group | X | | Organization of synchronized users, especially for license distribution | Groups must be manually marked as Azure groups by an AD admin.
device | | | |

When selecting the object attributes to be synchronized, Microsoft provides a short list of mandatory and an extensive list of recommended attributes. The GWDG has decided to share only the most necessary user data from its own AD with Microsoft.

Attribute Description Reason for synchronization user contact group device
accountEnabled defines whether an account is activated [3] mandatory X X
displayName A string representing the name that is often displayed as the display name (firstname lastname). [3] User identification using real name for the user X X X
mail Complete e-mail address [3] Contact possibility for system and user X X
userPrincipalName This user principal name is the login ID for the user. Usually identical with the value [mail]. [3] mandatory X
sourceAnchor Mechanical property. Invariable identifier which maintains the relationship between AD DS and Azure AD. [3] mandatory X X X
member List of group members as AD Distinguished Name License distribution via AD groups X
securityEnabled Defines whether a group is a security group Required for group synchronization [4] X
deviceId Identifier of the device belonging to the object mandatory X
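
Whether the cloud directory really contains only the object types and attributes listed in the two tables can be checked against an export. The following is an added example, not GWDG or Microsoft tooling: the export format, the sample objects and the `audit` function are assumptions constructed for illustration.

```python
# Added example: audit a directory export against the sync policy on this page.
# The export layout (id / objectType / attributes) is an assumed, constructed format.

# Attributes the attribute table lists as synchronized.
ALLOWED_ATTRIBUTES = {
    "accountEnabled", "displayName", "mail", "userPrincipalName",
    "sourceAnchor", "member", "securityEnabled", "deviceId",
}
# Object types the object table marks as synchronized from AD to Azure AD.
SYNCED_TYPES = {"user", "group"}
# "mandatory" attribute whose object type is unambiguous in the table.
MANDATORY = {"user": {"userPrincipalName"}}

def audit(objects):
    """Return (object id, finding) tuples, in input order, for policy drift."""
    findings = []
    for obj in objects:
        oid = obj.get("id", "<no id>")
        otype = obj.get("objectType", "").lower()
        if otype not in SYNCED_TYPES:
            findings.append((oid, f"unexpected object type: {otype or 'missing'}"))
            continue
        # Only attributes that carry a value count as transferred data;
        # a boolean False (disabled account) is a value and is kept.
        present = {k for k, v in obj.get("attributes", {}).items()
                   if v not in (None, "", [])}
        for extra in sorted(present - ALLOWED_ATTRIBUTES):
            findings.append((oid, f"attribute outside allow-list: {extra}"))
        for missing in sorted(MANDATORY.get(otype, set()) - present):
            findings.append((oid, f"mandatory attribute missing: {missing}"))
    return findings

# Constructed sample export (not real data).
SAMPLE_EXPORT = [
    {"id": "u1", "objectType": "user", "attributes": {
        "accountEnabled": True, "displayName": "Erika Mustermann",
        "mail": "erika@example.org", "userPrincipalName": "erika@example.org",
        "sourceAnchor": "c2FtcGxlLTE="}},
    {"id": "u2", "objectType": "user", "attributes": {
        "accountEnabled": False, "displayName": "Max Mustermann",
        "sourceAnchor": "c2FtcGxlLTI=", "telephoneNumber": "+49 000 000000",
        "department": ""}},
    {"id": "g1", "objectType": "group", "attributes": {
        "displayName": "o365-a1-license", "securityEnabled": True,
        "member": ["CN=Erika Mustermann,OU=Users,DC=example,DC=org"],
        "sourceAnchor": "c2FtcGxlLTM="}},
    {"id": "d1", "objectType": "device", "attributes": {"deviceId": "0000"}},
]

if __name__ == "__main__":
    for oid, finding in audit(SAMPLE_EXPORT):
        print(f"{oid}: {finding}")
```

Any finding indicates that the synchronization configuration has drifted from the documented selection and that the data protection information may no longer match what is transferred.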

Data Management at Microsoft

Microsoft promises in its own Microsoft Trust Center not to use the stored data for advertising or marketing purposes. In addition, Microsoft safeguards such policies with the Code of practice for protection of personally identifiable information in public clouds (ISO/IEC 27018). [5] The Online Service Terms set forth all rules for data management. These include the following points:

  • The customer retains all rights and ownership of his customer data.
  • The use of customer data is limited exclusively to the provision of the agreed services.
  • Customer data protection measures comply with the requirements of ISO 27001, ISO 27002 and ISO 27018.
  • Data transfers outside the European Economic Area or Switzerland are secured and documented in accordance with the GDPR.
  • Customer data is deleted 90 days after the end of the subscription.

Data Protection Information according to GDPR Art. 13

This information supplements the data protection information of the GWDG (https://www.gwdg.de/privacy-notice) wherever applicable:

The processing, including the transfer of personal data to Microsoft, takes place within the scope of providing the online services described above. Since the use of the services represents an additional offer, the legal basis is consent in accordance with GDPR Art. 6 Paragraph (1) Letter a).

The right to revoke consent follows directly from the consent itself; revocation is possible via the GWDG customer portal, just like giving consent. The other rights of the persons concerned (right to information, correction, deletion, blocking, transferability) can be exercised as described in the GWDG data protection declaration.

Processed Data, Recipient of the Data, Third Country Status

The following data is collected and shared as part of the Microsoft cloud services, which include Office 365 incl. OneDrive:

  • User ID (for details see User Synchronization)
  • Membership of the institution “University of Göttingen”
  • Stored data (OneDrive), if necessary also data actively used in Office 365 applications

The data will be passed on to Microsoft Inc., and a transfer of data to the USA cannot be ruled out. The USA is a so-called third country in terms of data protection. The Privacy Shield agreement between the EU and the USA guarantees a data protection standard comparable to the GDPR, but the CLOUD Act nevertheless grants US investigative authorities access to the data in case of doubt.

Storage Duration

After the subscription ends, either through revocation by the user or through expiration of the Microsoft Campus Agreement, the customer data is kept for 90 days and restored in case of reactivation. After 90 days, the data is automatically deleted.

Data Security

When using the Microsoft online services, the guidelines for information security of the University of Göttingen (only available in German) must be observed. Every user must be aware that data in Office 365 is stored in OneDrive and thus on Microsoft servers. Storing sensitive data (e.g. personnel or financial data) on external servers is prohibited.

Help and Support

OneDrive

Teams

OneNote

Word

Excel

PowerPoint

Office 365 Overview

References
