What is the email quota for Microsoft 365 email accounts?
The mailbox quotas are as follows:
- Shared mailboxes: 50GB
- All employees/students/A3 licensed email accounts: 100GB
- Accounts with A1 full licenses: 50 GB
- Accounts with A1 mail and calendar only licenses (e.g. retirees, former students): 50 GB
Can lost or deleted cloud data be recovered?
End users have some email retention management capabilities. Deleted emails will be kept in the users' Deleted Items folder indefinitely. Any email that is either permanently deleted or deleted from the Deleted Items folder will be moved to a Recoverable Items area. Users have 30 days to retrieve a deleted email message from the Recoverable Items area. IST email administrators are able to retrieve deleted messages 90 days after permanent deletion (an additional ~60 days after the user retrieval period). Please refer to information on recovering deleted items or email in Outlook Web App for more information on recovering deleted emails.
Please also see the updated Guidelines on use of Waterloo computing and network resources regarding vendor cloud data retention policies.Will IST staff be able to unlock locked email accounts?
Yes, IST will be responsible for unlocking accounts.
Will Microsoft 365 email support email clients that rely on IMAP (e.g. Thunderbird)?
Thunderbird and other popular desktop clients that support IMAP currently work with Microsoft 365. However, some changes will be coming to client/server protocols in order to improve security (separate from the employee email investigation project), and IST is not yet sure whether all existing desktop clients will be developed to support the newer standards and ways of doing things. IST is tracking this actively, and hopes to identify and communicate desktop clients we are confident will continue to work. A draft table of these email clients is available to view.
Would Information Systems & Technology (IST) maintain any on-premises email servers?
Yes, we plan to continue to provide a small on-premises Exchange environment to support a small
number of users who have special requirements.
How will bulk mail be handled?
Current mass email guidelines will apply.
Will this change impact retired employees or alumni?
Microsoft 365 email accounts will be provided to retired employees and alumni. Due to licensing restrictions, these groups will not receive access to other/additional Microsoft 365 applications and features (e.g. OneDrive, Teams, Office Suite of apps).
Will generic email addresses be migrated to M365?
Eventually, yes. However, there will be no change in functionality during co-existence of both cloud and on-premises systems.
IS TWO-FACTOR AUTHENTICATION AVAILABLE?
Yes, two-factor authentication (2FA) is available on web-based authentications.
Will this initiative investigate moving from two tenants to a single tenant?
Yes, part of this work includes investigating the migration of all accounts to a single tenant, which would improve the collaboration between employees and students.
Where (or in which country) will my email data be stored?
Email data will be stored in Canadian data centres. For information on where other application data is stored, please see Microsoft's Where is your data page.
I have concerns about the privacy of my research data. Will Microsoft have access to my confidential work?
Microsoft takes strong measures to help protect customer data from inappropriate access or use by unauthorized persons, either external or internal, and to prevent customers from gaining access to one another’s data. View Microsoft’s policies on data management in more detail at:
- Data Management at Microsoft, https://www.microsoft.com/en-us/trust-center/privacy/data-management
- Microsoft Office 365 Data Access, https://products.office.com/en-us/legal/docid24
- Includes information on who has administrative rights to Microsoft Office 365 or Dynamics 365 (i.e. only key Microsoft personnel, not all or front line client support staff)
Does the Office of Research support use of Microsoft 365 for research partnerships?
The Office of Research approves the use of M365 email and OneDrive file storage for corporate research with industry partners, unless otherwise specifically stated in the contract. For those government research contracts where security clearances are required, University email services, including our on-premises Exchange service, should not be used to store, transmit, or share government classified research data as they have not received government security clearance. If a researcher has or is pursuing a government research contract, IST will ensure IT services are available to meet the environment requirements of the required government security level, including appropriate communication and data storage services.
Should I be concerned about US law enforcement or laws such as the Patriot Act and Clarifying Lawful Overseas Use of Data (CLOUD) Act?
Microsoft conforms with privacy best practices and international standards such as ISO/IEC 27018 Code of Practice for Protecting Personal Data in the Cloud. When law enforcement organizations demand access to data stored by Microsoft, Microsoft refers them to their customer (unless Microsoft is prohibited by law enforcement to notify their customer). It will then be up to the University to determine how to address such requests. This process is similar to what happens today with on premise storage of data.
How does Microsoft handle General Data Protection Regulation (GDPR) requests for data?
Learn about Microsoft's contractual commitments to its customers, plus their own commitment to GDPR compliance.
Where can I find information on Microsoft's privacy policies?
To whom should I send my privacy and/or security related questions or concerns?
Please send privacy related questions or concerns to the University's Privacy Officer.
Please send security related questions or concerns to the Director, Information Security Services.