Microsoft 365

• Microsoft 365 Apps for Enterprise (Office 365)
• Office Mobile Apps (for mobile devices with iOS, iPadOS, Android, ChromeOS)
• Forms
• Sway

• Microsoft 365 Apps for Enterprise (Office 365)
• Office Mobile Apps (for mobile devices with iOS, iPadOS, Android, ChromeOS)
• Forms
• Sway

• Office Mobile Apps (for mobile devices with iOS, iPadOS, Android, ChromeOS)
• Forms
• Sway

What is Microsoft 365?

Microsoft 365 refers to licenses from the Microsoft campus contract at LMU. Through this campus contract, LMU members can use licensed programs and services from Microsoft for university purposes.

Where can I register?

You have to activate your LMU user ID in your user account (Benutzerkonto) under "Microsoft 365". Then you can log in to and use the Microsoft programs and services with your LMU user ID. We recommend that you first log on to the following page after activation: myaccount.microsoft.com.

What programs and services can I use?

You find the programs and services you can use under Apps & services and in your LMU Microsoft account under the item „subscription“.

What do I have to consider when using the programs and services?

The terms of use, data protection information, and Microsoft product and online terms apply.

Familiarize yourself with the terms and legal framework governing use of the Programs and Services.

The use of all programs and services is restricted to university purposes.

It is your responsibility to take care of backing up your data.

I previously had a Studisoft account or a Microsoft account with @lmu.de or @campus.lmu.de - what happens to it?

• Your previous Studisoft Office365 account (LRZ-identifier@unimuenchen.onmicrosoft.com) will be deactivated shortly after you create a new LMU Microsoft account. Please only use your new LMU Microsoft account.
• Previous Microsoft accounts with @lmu.de or @campus.lmu.de that were created via a self-service registration with Microsoft can continue to be used, but do not contain a license for the Office365 desktop programs. These accounts have had their username domains changed to @lmude.onmicrosoft.com and @campuslmude.onmicrosoft.com, respectively. We still recommend that you switch to a new LMU Microsoft account.
• You can find more information on this on this page in the sections "Studisoft accounts" and "Conversion of old Microsoft accounts with lmu.de & campus.lmu.de".

How can I create an LMU Microsoft account?

Go to the "Microsoft 365" page in the LMU user account and click on "Unlock".

How can I reset my password for my LMU Microsoft account?

You can change your password on the Change Password page in the LMU user account.

I cannot log into Microsoft services with my LMU user ID.

Please first activate your user ID on the "Microsoft 365" page in the user account. After a waiting period of 60 minutes, you can log in to the programs and services licensed for you with your LMU user ID and your password.

I can't store security information with Microsoft. Why is that?

This function is deactivated at LMU.

Can I create an LMU Microsoft account without personal information like my name?

No To create your LMU Microsoft account, your data must be transferred to Microsoft.

Can I change information such as my name or email address in my LMU Microsoft account?

No, these are transferred to Microsoft directly from the LMU user directory. If your data in the user directory changes (e.g. your name due to marriage etc.), this will also be automatically updated in the LMU Microsoft account.

How can I delete my LMU Microsoft account?

You can delete your LMU Microsoft account on the Microsoft 365 page in the LMU user account (LMU-Benutzerkonto). Please note that you will also lose access to your M365 licenses and cloud data.

Can I add more licenses to my assigned license pack?

This is currently not possible.

Where can I download Office365 / M365 Apps for Enterprise?

Log in with your LMU Microsoft account at www.lmu.de/m365-login. There you can download Office365 / M365 Apps for Enterprise and access the services and apps licensed for you.

I get the message "Keep me signed in to all your apps" or "Allow my organization to manage this device" - what should I do?

We recommend that you uncheck "Allow my organization to manage my device" and then click "No, only sign in to this app".

If you just click "OK" instead, your LMU Microsoft account will be stored on your computer. At the same time, the device is registered with Microsoft in your account and device information is stored with Microsoft.

What does it mean that I can install and use the programs on up to 5 devices?

This means that you can be logged into your account on up to 5 devices of the same type (5 PCs / Macs, 5 tablets, 5 mobile phones) at the same time. If you want to log on to a 6th device, you should first log off on one of the previous 5 devices.

You can install the programs on any number of devices, as long as you are not logged on to more than 5 devices at any one time.

Please check compliance with this regulation yourself by logging out of devices that are no longer used.

Can I use OneDrive?

The LMU does not yet provide its own OneDrive storage.

I can't create my own team in Microsoft Teams.

Creating your own teams is not yet available at the LMU. You can only log into teams if you have been invited as a guest to an external team outside of LMU. Otherwise, an error message will appear when you log in and you will not be able to use Teams.

Old Studisoft Office365 accounts in the format "LRZ-Kennung@unimuenchen.onmicrosoft.com" can no longer be used and have been deactivated. If you have used such an account, you should remove it from your devices and switch to a new LMU Microsoft Account.

I have used such a Studisoft Office365 account. What should I do now?

Log out the previous account with LRZ-Kennung@unimuenchen.onmicrosoft.com from all Microsoft programs (Office365, Teams etc.) from your devices.

Then remove the account from the Windows settings in the following location: Settings => Accounts => Access work or school account => Click on the account there and then click on "Disconnect".

If you are using a Mac, download and run the Microsoft Office license file removal tool.

LMU employees and students can continue to use Office365 with a new LMU Microsoft account. You can find all information about this further up on this page under LMU-Microsoft-Account.

I had previously created a Microsoft account with my @lmu.de / @campus.lmu.de address. what happened to it?

These Microsoft accounts had to be switched to other usernames. You can continue to use this account, but it doesn't include a license for the Office365 desktop programs. Your username for this account has been changed to the following:

• Benutzername@lmu.de => Benutzername@lmude.onmicrosoft.com
• Benutzername@campus.lmu.de => Benutzername@campuslmude.onmicrosoft.com

Can I keep this old Microsoft account?

We recommend switching to a new LMU Microsoft account. However, you can still continue to use your current Microsoft account. However, this does not contain an Office365 desktop program license.

I'm no longer receiving emails with this old Microsoft account. Why is that?

The connection to your LMU e-mail address was also broken when you changed your user name.

You will no longer receive notifications sent to the original email address for this account, such as Microsoft Teams invitations. You will only see notifications in the respective programs or services.

I have a problem with this account - where can I get support?

LMU can only provide limited support for these accounts. Contact the LMU IT service desk. We recommend you switch to a new LMU Microsoft account.

Licenses

• You may only use your LMU-Microsoft account and the associated Microsoft 365 products for university purposes. Private or commercial use is not allowed.
• The licenses provided are non-transferable and may only be used by the respective licensed user.
• You acknowledge that:
  • You are only authorized to use the software and services from M365 during the licensed period and for university purposes.
  • You will no longer have access to software or services after termination of the underlying license agreement.
  • You will be required to delete all software from M365 on your devices or may not continue to use M365 services if LMU Munich terminates the underlying license agreement or fails to join or renew or acquire perpetual licenses prior to the expiration of the licensed period, whichever occurs first.

Software and Service Offerings

• You acknowledge that LMU Munich distributes user-built configurations of the software and services from Microsoft 365. These will apply to all of your devices on which the university M365 account is used. In this context, LMU Munich completely excludes any liability for damages or misconfigurations of any kind on private devices.
• LMU Munich reserves the right to offer you only a selection of software and services from M365 or to restrict or deactivate individual functions of the software and services.
• LMU Munich may additionally regulate the usage options of individual software products and services from M365 by means of further usage guidelines.
• The Microsoft 365 software products and services available may change constantly. There is no legal claim to the use of certain programs, apps or services.

Office Store / Add-Ins / Extensions.

• The functions of the Microsoft 365 software products and services can be extended via add-ins. These add-ins can be added either via the add-in store or via stand-alone program installations, in which an add-in is also installed in addition to the main program. Only add-ins that have been tested and approved by LMU Munich may be used. A corresponding list of tested and approved add-ins is provided on the LMU IT-Service Desk page.
• If employees want to use add-ins that have not been checked and approved, the use must be approved and justified by their supervisor(s).
• If add-ins other than those allowed by LMU or approved by the direct supervisor are used, the respective user is liable for damages caused by the installation and use of the add-ins.

Legal Bases

• Use of the Software and Services is subject to the terms and conditions of the current version of the Microsoft Product and Online Service Terms (POST), the Online Services Privacy Addendum (DPA), and the Campus School Agreement (CASA), including but not limited to limitations of liability, disclaimers of warranties, and the exclusion of remedies and claims.
• You must be at least 16 years of age to use the software and services from M365.

Data storage

• Insofar as personal data of third parties are processed within the application, you must comply with the regulations of data protection and ensure the fulfillment of the information obligations.
• The processing of special categories of personal data may not be undertaken without further clarification with the respective data protection contact person of the responsible department. This includes, among other things, data on racial and ethnic origin, political opinions, and religious or ideological beliefs.
• When using the software and services from M365, you must comply with the statutory retention periods of archiving law. You are responsible for performing backups and archiving data.
• In general:
  • Unpublished personal data of persons who do not use Microsoft 365 or Office 365 (case 1), which are not related to task-related communication (case 2), or data that is subject to special secrecy and a high need for protection (case 3), may not be passed on unencrypted.
  • Examples of case 1 include (but are not limited to) attendance lists or lists of participants at an event.
  • Among examples of case 2 are communications of contact information or information of interest to the company regarding persons in charge or contact persons at service providers and cooperation partners, course/event participants.
  • Examples for case 3 include notices related to sick leave and confidential research contracts.
• If data is stored in an encrypted form, the key must meet the institution's password requirements or be equally secure. The encryption method used must comply with the technical guideline BSI TR-02102-1 of the German Federal Office for Information Security.
• Microsoft provides some features of its services and software as so-called "Optional Connected Experiences". You must ensure that these functions are used exclusively with personal data of the users and that the necessary copyright usage rights exist for passing on the works to Microsoft.

Person responsible for data processing

Ludwig-Maximilians-University Munich
Geschwister-Scholl-Platz 1
80539 Munich

Responsible office for data processing

Ludwig-Maximilians-University Munich
Department VI - Information and Communication Technology
Geschwister-Scholl-Platz 1
80539 Munich
VI@verwaltung.uni-muenchen.de

General questions and support

Ludwig-Maximilians-University Munich
Department VI - Information and Communication Technology
IT Service Desk
Geschwister-Scholl-Platz 1
80539 Munich
it-servicedesk@lmu.de

The current version of the user instructions applies.
Status: June 2021

General information

Like other software manufacturers, Microsoft also uses personal licenses. The use of Microsoft 365 (M365) therefore requires a personal Microsoft account. This LMU Microsoft account is created based on your data from the LMU and LRZ identity management system and controlled by the LMU.

This account is created either pseudonymously in the systems of Microsoft or from the connected identity management systems of the universities.

As a member of the LMU, you will receive a personal Microsoft account managed by the LMU. To do this, you must unlock your LMU user ID once in the LMU user account. After activation, the use of M365 and Microsoft products licensed for you is possible as long as and to the extent they are made available by LMU or as long as you are a member of the LMU. The activation can be undone in the LMU user account (see “Duration of storage of personal data”).

M365 is operated by Microsoft Corporation, Microsoft Corporation, One Microsoft Way Redmond, Washington 98052.

The contractual partner for the LMU is:

Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland.

When you create your LMU Microsoft account, Microsoft’s Terms of Use, Microsoft Product and Online Terms and Conditions and the LMU’s M365 usage notices apply. Here you can find Microsoft’s data protection information on M365.

Purpose of data processing

The purpose of the data processing is the use of an LMU Microsoft account and M365 as a software and cloud service solution to ensure the administration, operation of workplaces as well as the carrying out of studies, research and teaching at the LMU and all legal tasks of the LMU. M365 is a product package of Office programs and cloud services. The software serves the daily execution of office work, as a communication and organizational solution as well as for data storage and data exchange.

This includes, in particular, the use of the licensed products and services, provision of updates, guarantee of information security, and technical and customer support, including disclosure for the following purposes by Microsoft, whereby Microsoft acts here as its own controller:

• Billing and account management
• Remuneration
• Internal reporting and modelling
• Fight against fraud
• Cybercrime or cyberattacks
• Improving core functionality in terms of accessibility, data protection or energy efficiency
• Financial reporting
• Compliance with legal obligations

Statistics on usage are also produced.

The LMU does not process data for purposes other than those specified or permitted by law (e.g. for internal verification of security systems and to ensure internal network and information security in accordance with Article 6(1) of the BayDSG). LMU processes only the personal data that you have provided to us or which have been collected in an admissible manner as part of the activity at LMU (Art. 4 para. 2 BayDSG).

The LMU does not control performance or behavior based on your use of your LMU Microsoft account or M365.

In some cases (e.g. longer unavailability of the service) it may be necessary to contact you. If there is no equivalent or better way to inform you, we will use your personal data to contact you, e.g. via the information service of LMU.

Visibility of your activities

Since the LMU Microsoft account is an online account and M365 is a cloud-based offering with a very broad range of software and services, it is not possible to assess the visibility of your activities. The most common applications are discussed below.

• Your activities can be visible whenever you connect with other users as part of these cloud services.
• When files are shared via OneDrive or other cloud services, they can be visible to other users.
• You can search and invite other users as part of the cloud services. Your name and other data from your LMU Microsoft account may be visible.
• When collaborating on documents, the changes you or other shared documents, as well as metadata such as change times, etc., may be visible.

Usage profile

Your LMU Microsoft account contains in the initial filling only your first and last name, your LMU e-mail address stored in the user account and your affiliation status to the LMU. In some services, it is possible to add more information to the user profile. This is not necessary for the use of the service or for the performance of public tasks. The corresponding additions are voluntary, but should not be done for reasons of data economy.

Groups of persons concerned

• People who use or administer Microsoft 365
• Persons who are identified or identifiable in communication and documents

Legal basis

We process your data in accordance with and on the basis of the General Data Protection Regulation (GDPR), the Bavarian Data Protection Act (BayDSG) and the other applicable data protection regulations.

The processing of personal data for the use of M365 takes place within the framework of voluntary use in accordance with Article 6(1)(a) GDPR (consent), otherwise in the context of the performance of service tasks pursuant to Article 6(1)(e), Paragraph 2, 3 GDPR in conjunction with Article 4(1) BayDSG. in particular Article 11(1) BayEGovG, § 13(7) TMG, Art. 6 para., 1 BayDSG, Art. 10(1) BayHSchG, Art. 7 BayHO, Art. 20a GG, Art. 3, 3a, 141 In particular, these are:

For employees and staff:

• Art. 6(1)(b) GDPR in conjunction with Art. 4(1) BayDSG, Collective Agreement, Employment Contract, Collective Agreement, § 106 GewerbeordnungArt. 6 para. 1 lit. c GDPR in conjunction with Art. 4(1) BayDSG, Art. 33(5) GG
• Article 6(1)(c) GDPR in conjunction with § 3a(1) ArbStättV

For the teaching:

• Art. 6 para. 1 lit. e, para. 2, 3 GDPR in conjunction with Art. 4(1) BayDSG (Art. 55(2) BayHSchG)

For disclosure to Microsoft (beyond the order processing):

• Article 6(1)(b) GDPR, Art. 49(1)(c) GDPR (data categories 1 and 6) – for licensed persons
• Art. 5 (1) sentence 1 no. 2 BayDSG, Art. 49(1)(d) GDPR (data category 2.-5.,7.,8.) – for purposes not required by contract

For statistics:

• Article 6(1)(e) GDPR in conjunction with Art. 4(1) BayDSG, § 3 HStatG, Art. 10(1) BayHSchG, Art. 7 BayHO

Processing of personal data

The following data is synchronised between the LMU and Microsoft’s AzureAD:

• Name & first name
• LMU e-mail address
• Membership status (students, employees, other members)

Furthermore, registration events (last 30 days) are collected and processed in M365:

• Date
• Hour
• Application
• IP address indirectly Location
• Device information (device name, browser, operating system, link type)
• Date of first and last activity of the computer
• Presence status if applicable (depending on the service used)

Provisions in the sense of data protection

In the implementation of M365, LMU has in particular taken into account the data protection principles of data minimisation, privacy by default and privacy by design as far as technically possible. The logging of the use of the services of M365 is anonymised.
A productivity assessment feature is not enabled.
The inventory function/telemetry is switched off as far as technically possible.

Data transmission

In order to enable the use of your LMU Microsoft account and M365 according to the above purposes, personal data must be transferred to other recipients:

• Microsoft Ireland Operations Limited in the context of order processing and contract performance.
• Microsoft Corporation, for the purpose of processing and fulfilling the contract and fulfilling its own purposes
• as well as subcontractors and support service providers.

Microsoft processes the data on our behalf and may only use the data according to our instructions and for our purposes. However, Microsoft also uses personal data for its own purposes and is to be regarded as its own controller.

The transfer of personal data in the context of the use of M365 in third countries without an adequacy decision and without appropriate safeguards similar to the level of EU security cannot be completely excluded.

Guarantees for the international transfer of data to Microsoft Corporation and sub-processors constitute the standard contractual clauses that have been agreed and any return exemptions in individual cases pursuant to Art. 49 (1) sentence 1 lit. a, c, d GDPR. (as far as relevant)

The IT Law Office of Bavarian universities and universities analysed the judgment of the CJEU in Case C-311/18 of 16 July 2020 and, in consultation with the CIOs of the Bavarian state universities and universities and their data protection officers in accordance with clause 4 g of the Standard Contractual Clauses, informed the Bavarian State Commissioner for Data Protection that the guarantees contained in clause 5b of the standard contractual clauses can be fulfilled in all respects and at any time.

With regard to the M365 Azure cloud, Microsoft adheres to the C5 standard issued by BSI for Germany. Microsoft confirms that the data will only be stored locally within Germany. Further information can be found at Cloud Computing Compliance Controls Catalog (C5).

This assessment is based on the publicly available information provided by Microsoft and the assessment of NOYB.

In addition, Microsoft is certified under the EU-U.S. Data Privacy Framework of July 10, 2023. The adequacy decision for the EU-U.S. Data Privacy Framework confirms that the U.S. ensures an adequate level of protection for personal data transferred from the EU to companies participating in the EU-U.S. Data Privacy Framework. The requirements of the General Data Protection Regulation (GDPR) for data processing continue to apply.

Duration of storage of personal data

Data categories

1. Documents and files
2. Tasks and solutions
3. Communication data
4. Basic personal data
5. Authentication data
6. Contact information
7. Profiling
8. Logfile with access
9. System generated log data

Retention and deletion of data

The stored data will be processed as long as and to the extent necessary for the respective purpose of data processing in the context of the use of your LMU Microsoft account and M365.

The data will be stored for up to 90 days after deleting an LMU Microsoft account and then deleted. Blocking an LMU user ID or changing the license assignment does not change it.

Number by data category: 1-3 cancellation period: 90 days after deletion of the content data, after the necessity ceases to exist

Number according to data categories: 4-7 cancellation period 90 days after deletion of the account on request or after objection

Number by data category: 8.9 Cancellation period 180 days

Information on existing rights

You have the right to obtain information about the data stored about you (Art. 15 GDPR). Should incorrect personal data be processed, you have a right to rectification (Art. 16 GDPR). In addition, you have the right to erasure (Art. 17 GDPR), objection (Art. 21 GDPR), restriction (Art. 18 GDPR) and to withdraw consent for the future. The lawfulness of the data processing carried out on the basis of the consent until the withdrawal is not affected by this.

For reasons arising from your particular situation, you can also object to the processing of personal data concerning you by us at any time (Art. 21 GDPR). If the legal requirements are met, we will no longer process your personal data.

In addition, you have the right to lodge a complaint with a data protection supervisory authority in accordance with Art. 77 GDPR. The data protection supervisory authority responsible for the LMU is the Bavarian State Commissioner for Data Protection.

If you wish to exercise your rights or if you have any questions, please contact the responsible data processing department (see above). It checks whether the legal requirements are met and then takes the necessary measures.

For further information, please refer to the LMU’s privacy policy for the website.

Obligation to make available

Without the creation of an M365 account, a licensed use of M365 on the LMU is not possible.Insofar as the use of M365 serves the fulfilment of legal obligations and tasks or for the performance of the work and service tasks of the employees or employees, the data processing is necessary, otherwise voluntarily.

Current status

The data protection information in the current version applies.

Status: July 2021

Here you can find an overview of data flows from Microsoft services at the LMU

Overview of data flows from Microsoft services at the LMU (PDF, 184 KB)

The controller for data processing is Microsoft as licensor and LMU as licensee.

Responsible persons and their data protection officers (licensor)

• M365 is operated by Microsoft Corporation, contract partner for LMU is Microsoft Ireland Operations Limited.
• Microsoft Ireland Operations Limited (One Microsoft Place, South County Business Park, Leopardstown Dublin 18, Ireland)
• icrosoft Corporation (One Microsoft Way Redmond, Washington 98052, United States)
• Privacy (theme page with FAQ and Microsoft contact options)

With the creation of your LMU Microsoft account, Microsoft’s terms of use, Microsoft product and online regulations and the LMU’s notices of use for M365. Here you can find Microsoft’s data protection information on M365.

Responsible for data processing as a licensee within the scope of the license agreement

Ludwig-Maximilians-University of Munich
Geschwister-Scholl-Platz 1
80539 Munich

Data processing department responsible

Ludwig-Maximilians-University of Munich
Department VI – Information and Communication Technology
Geschwister-Scholl-Platz 1
80539 Munich
VI@verwaltung.uni-muenchen.de

General questions and support

Ludwig-Maximilians-University of Munich
Department VI – Information and Communication Technology
Unit IV.1 – Computer procurement
Geschwister-Scholl-Platz 1
80539 Munich
it-servicedesk@lmu.de

Contact details of the official data protection officer of LMU

Ludwig-Maximilians-University of Munich
— Official Data Protection Officer —
Geschwister-Scholl-Platz 1
80539 Munich
Tel.: 089-2180-2414
https://www.lmu.de/datenschutz

The LMU Munich can currently only offer limited central support for Microsoft 365 and its programs, apps and service.

In case of problems, please first consult the FAQs – Frequently Asked Questions. The most common problems and errors are described there and possible solutions are provided.

Microsoft provides much support. If you have any questions or problems, please find out more here.

If you still need help:

For employees: Please contact your IT service group e.g. of the Faculties.

For students: Please contact the IT-Servicedesk.

There are alternatives to the products from Microsoft 365. A selection of these can be found in the following list:

Office suits:

• LibreOffice
• OpenOffice

Communication tools:

• LMU-Chat Rocket.Chat (Activation via LMU-Benutzerkonto under „LMU-Chat“)