Category Archives: Rutgers Connect

Rutgers Connect Features: Mentions, Templates, & Forms

Built on the feature-rich Office 365 platform, Rutgers Connect offers a wide variety of tools to increase productivity and streamline user experience. This article will discuss three of these tools – Mentions, Templates, and Forms – and detail the ways in which they can assist with day-to-day tasks.


Mentions

With a constant influx of email from colleagues, departmental mailing lists, University newsletters, automated notifications, and more, it’s easy for a message to go unnoticed for some time as its recipient reads through his or her inbox. Often this is perfectly fine; not everything needs to be attended to immediately. Other times, however, this is not the case, and an individual needs to be made aware of something as soon as possible. Office 365 provides a handy tool to ensure that happens: Mentions.

When composing an email, users can highlight the message for a specific individual. This marks it in the recipient’s inbox on OWA (Outlook Web App, located at connect.rutgers.edu) with a colorful, eye-catching @ symbol and lets him or her know that it requires prompt attention. An example of what such a message would look like is shown below.

Image of three emails, one of which contains a Mention, showing the visual contrast between messages without Mentions and messages including Mentions; the latter is marked with an @ symbol on the right-hand side.

Although emails containing Mentions are not marked with an @ symbol in the desktop application for certain operating systems, such as Windows 7, they still stand out in another way: they can be filtered for in the Mentioned user’s inbox. This also works in OWA. The images below demonstrate this filtering in the desktop client and OWA.

The screenshot of Outlook 2016 shows how an email containing a Mention is sorted into its own filtered folder titled "Mentions", but not marked with an @ symbol. "All" and "Unread" are also displayed as filtered folders, and there are options to search and sort messages within the folder.Screenshot of OWA demonstrating an email with a Mention sorted into its own filtered folder and marked with an @ symbol. The applied filter, titled "Mentions", is displayed in the top right corner.

To use Mentions, the sender must include the recipient’s name in the format “@FirstName LastName” (without quotation marks) and then choose the appropriate person from the drop-down list of University affiliates with that name. It is important to note that Mentions are only available for use in OWA and Outlook 2016; older versions of Outlook do not support this feature.

For more information, please see Microsoft’s article on Mentions.


Email Templates

Some types of emails may be sent very frequently; a department administrator might routinely request access to some service for each new employee every time one is onboarded, or a manager might regularly ask their direct reports for status updates on projects. It often seems that the same words are being rewritten every time, which can grow tiresome very quickly. But Office 365 provides a solution: email templates.

Users can create templates for the various types of emails they send frequently, and then use them as shortcuts in the future. Examples of the template interfaces in OWA and in Outlook 2016 are shown below; the icons which lead to them in each client are highlighted.

A screenshot of the email composition window in Outlook 2016. There is a selection of templates available for use on the right, one of which has been selected and used to compose the message. In the ribbon towards the top of the window, the "Office Add-ins" icon is surrounded by a blue rectangle to make it more noticeable. Screenshot of an email which was composed in OWA using an email template. A selection of templates and an option to add additional templates is displayed on the right, and the body of the message matches one of the template options with only slight edits (topic of the message and suggested date for completion). On the bottom right, the icon which opens the templates menu is surrounded by a square to make it more noticeable.


Forms

Microsoft Forms is a component of Office 365 which allows users to create, share, and respond to (as the name suggests) forms. It’s well-suited for a variety of purposes; a professor could give her students a quiz, a department hosting a luncheon could send out a form with menu options and a yes/no plus-one question, a group which presented at a conference could ask attendees for feedback, or administrators of some particular service could run customer satisfaction surveys.

Several types of questions are supported: multiple-choice, text/free-response, rating, and date. Form creators can place restrictions on responses, such as requiring a positive number as an answer to a free-response question, which ensures valid responses (for example, if asking how many party members a reservation is for, neither “0” nor “Smith” should be accepted). In the case of quizzes, multiple-choice questions can be auto-graded while other types of questions must wait for review by the form creator.

The designer menu for an example form is shown below.
 The interface for editing questions on a quiz in Microsoft Forms is displayed. One free-response question and two multiple-choice questions are displayed; the second multiple-choice question is being edited. All questions are marked as required and show the per-question point values. The multiple-choice questions indicate the correct answer with a check mark to the right of the answer. There is an option at the bottom to add additional questions. A tab at the top allows users to switch to viewing responses.

Creators have a variety of options to choose from when sharing their forms. One method of sharing is “share to collaborate”, allowing others to edit the form and view responses; another is “share as a template”, allowing others to create their own version of the form and make changes to the design but not to examine submissions for this particular instance of the form. The most common way is “share to collect responses”, which grants no administrative privileges but allows users to see the form and submit responses. This type of sharing can be limited to individuals within Rutgers or open to anyone with a link to the form. (Technically, “share to collaborate” can also be made open to anyone with the link, but this is not recommended.)

Once the form is shared and responses are gathered, creators and collaborators can view them in summary as well as in detail. Below is an example of the first viewing option, which provides statistics about each question rather than individuals and their responses.

An example of the interface for viewing responses on Microsoft Forms is displayed. The screenshot shows the number of responses (5), the average score on the assessment (3/4), the status of the assignment (active), and statistical breakdowns of the responses for each question (both in a table and in a pie chart). There are options to review answers, post scores, and open the response data in Microsoft Excel. A tab at the top allows users to switch to viewing questions.

More detailed results are available in several forms. The full list of responses matched with the corresponding participants, submission times, and more is visible through the “Open in Excel” option. “Review answers” allows for viewing responses by participant rather than by question, and “Details” next to each question displays individual responses only for that question, as displayed below.

There is a table showing a breakdown of the five responses for this question. A column for names of participants is present, but the names have been partially obscured. There are also columns displaying the ID of the response, the content of each person's response, and an indicator of correctness or wrongness in the form of a green check mark or a red x.

The Forms portal is accessible from Rutgers Connect through the Office 365 App Launcher (the “waffle” in the top left corner) or directly at forms.office.com. Users interested in learning more may wish to visit the Microsoft website and read What is Microsoft Forms?, which explains how to get started using the various features of Forms.


Author: Rae Clarke

Stay tuned for upcoming articles discussing additional Office 365 features! If you have any questions, comments, or suggestions regarding the Rutgers Connect article series, please write to help@oit.rutgers.edu.

Rutgers Connect Features: OneDrive for Business 

This article is an introduction to OneDrive for Business, a key component of the Office 365 suite of services which provides secure storage and backs a broad set of features such as Office Online.


The Technology behind OneDrive for Business

OneDrive for Business is a different product than the consumer-grade OneDrive. As it is built on top of the SharePoint Online technology, it benefits from the more advanced intranet-targeted features available in SharePoint.

Each file stored in OneDrive for Business is automatically under version control; whenever a user uploads a new version of the same file in the same location, the previous file is archived. Previous versions can be retrieved, and information about each version’s upload time and editor are available for review.

All files and folders stored in OneDrive for Business can be shared with any other University members using Rutgers Connect with various levels of permissions, including read-only, read/write, etc. Files and folders can also be shared with external users, such as students not using Office 365 or users completely external to the university, but these external shares must be read-only and the recipient will need to authenticate when accessing the shared data. Anonymous sharing is not permitted. If more extensive collaboration is required with users external to Rutgers Connect, responsible parties should consider creating guest accounts for the external collaborators.

OneDrive for Business is covered by the HIPAA Business Associate Agreement signed by Microsoft as well as all other legal frameworks covered in our software agreement. For more details about these legal frameworks, please see our previous articles on Security and Trust . Please note that while OneDrive for Business is HIPAA-compliant, users handling sensitive information should continue to use any dedicated systems already in place and approved for such use.

Each Rutgers Connect user is allocated 1 TB of OneDrive for Business storage space. This storage is subject to a number of limitations; for example, there are maximum file name lengths and certain characters and file type extensions are prohibited. Additional information regarding syncing restrictions can be found here.

Please note that at this time this 1 TB storage allocation cannot be expanded. If users need additional storage, they can contact their local IT support or the OIT Help Desk for alternate arrangements.

Ownership of OneDrive for Business storage segments is not limited to individuals. Office 365 Groups can also have a OneDrive for Business storage allocation, which defaults to 100 GB but can be extended as needed upon request. OneDrive for Business storage in Office 365 Groups behaves exactly like its equivalent user storage; it can be shared, edited, or accessed in the same ways. However, it is owned by the group rather than any one individual who might retire or change employment assignments or responsibilities.

Like all Rutgers Connect components, data stored in OneDrive for Business is doubly encrypted at rest, benefiting from both disk-level encryption and file-level encryption. For more information about the Office 365 encryption and security mechanisms, please see our article, Rutgers Connect Security and Trust Part One: The Office 365 Platform Security.


Using OneDrive for Business

OneDrive for Business can be accessed and used directly via the web interface of Rutgers Connect, which allows users to upload, delete, and update files or share OneDrive for Business stored information with other users. This is the recommended method of interaction for most users.

OneDrive for Business can also be made available directly on a user’s desktop or laptop like a network file system through the use of the OneDrive for Business synchronization client.  Files synced in this manner are also available for offline use and will automatically re-sync to the Office 365 cloud services when connectivity is available. These files remain subject to the limitations mentioned earlier. Additionally, if a large number of files are synchronized, a significant amount of local storage may be used to cache the cloud-hosted data.

When using the latest versions of Microsoft Office associated with Rutgers Connect, collaborative editing of documents is also supported. In both desktop and web versions of the supported Office tools, users can collaboratively work on the same documents, see the changes being made as they happen, and chat with other editors currently accessing the file they are working on.

All OneDrive for Business data can also be accessed through the OneDrive mobile application available to all users enrolled in the Mobile Device Management component of Rutgers Connect. Rutgers Connect users may access their own data as well as data shared to them by other users on their mobile device; additionally, they may edit and modify this data if the mobile version of the appropriate software has been installed on their devices. For example, users may use the mobile version of Excel to edit a shared spreadsheet from anywhere in the world. Office applications for mobile devices are available to all faculty and staff users of Rutgers Connect as part of their Office 365 license.


OneDrive for Business Usage Recommendations

While the advanced features and generous storage allocation of OneDrive for Business might be attractive for all types of use, some particular aspects of its implementation make it not ideal for some uses.

Due to its double encryption and version control, OneDrive for Business is not suitable for storing data which is accessed or modified by other applications. For example, do not use OneDrive for Business to store email files that you plan to access live in Outlook or research data that is going to be directly accessed by statistical software. You can certainly store this type of data in OneDrive for Business for the purpose of backups, transfers, or archiving, but if you plan to use it in other applications you should first download it to local or network storage.

While it may be tempting to backup whole desktops or servers to OneDrive for Business, this use is also strongly discouraged due to the performance implications of encryption and version control. Additionally, while the number of files that can be stored is very large, full system backups may exceed those limits.

It is also advisable to use Office 365 Groups OneDrive for Business storage allocations for files or data that are used by multiple users or are business critical. Individual storage allocation is bound to the license of individual users and may become unavailable as users leave the university or change employment roles, whereas the storage allocations of Office 365 Groups can remain under the management of individual units or departments indefinitely.


Authors: Vladimir Gabrielescu, Elizabeth McMillion, Rae Clarke

If you have any questions, comments, or suggestions regarding the Rutgers Connect article series, please write to help@oit.rutgers.edu.


Rutgers Connect Security and Trust Part Three: Mobile Device Management 

This is the third in a series of articles covering data security and privacy in Rutgers Connect, addressing both the standards and capabilities of the Office 365 platform and the Rutgers-specific customizations and policies related to these topics.

The first entry in the series, Rutgers Connect Security and Trust Part One: The Office 365 Platform Security, introduced users to security and data resiliency features native to the Office 365 platform.

It was followed by Rutgers Connect Security and Trust Part Two: Rutgers-Specific Implementation and Policies, which covered the customizations made and policies enacted to protect users’ privacy in Rutgers Connect.

In this third and final article, we will discuss Mobile Device Management.


Reasons to Use MDM

Mobile Device Management is a suite of software and policies designed to ensure that end-user and University data stored on mobile devices is secured from unauthorized access. Modern mobile devices are far more advanced than old-style mobile telephones; they are full-powered computers that go with us everywhere. Unfortunately, these devices are often unsecured from casual access by unauthorized parties, and they are easily lost or stolen. MDM enrollment helps reduce the security risk these factors pose.

While MDM enrollment is not mandatory, users who chose to not enroll their devices in the Rutgers Connect MDM system may only access Rutgers Connect services via the mobile web interface. For many, this is sufficient. However, users desiring more advanced integration, including the ability to edit and share Office files, full calendar integration, device caching of email and other data, access to OneDrive-hosted files, etc. must enroll their devices.


MDM Requirements & Capabilities

There is a considerable amount of confusion and misinformation about what Rutgers can and cannot do to a enrolled mobile device. While other products offered by Microsoft may be able to enforce more advanced policies and controls (as reflected by warnings presented during the enrollment process), the version purchased by and available to Rutgers University cannot track users’ movements or access any data on the device, including any data about usage, installed software, personal data, photographs, etc. The MDM product’s capabilities are limited to enforcing certain basic security settings and providing remote wipes of the device when requested by the user.

As configured and supported by the University, the only requirements most users will have to comply with for MDM enrollment are securing the phone with a simple lock screen PIN and accepting the remote wipe access. Users who are subject to HIPAA regulations must also ensure that all data on the device is encrypted and use a more complicated PIN. In all cases, more modern devices which support fingerprint authentication can use that method as a substitute for the PIN when unlocking the device, but the PIN will still be required at device startups and reboots.

Rutgers University will never initiate a remote device wipe without the express permission and request of the device owner. This option is available to the owner of a device, the delegated Connect administrators for their department, and select OIT Connect administrators. The use of this feature is limited to cases where a device has been lost or stolen and the device owner requests that all data on the device be wiped to secure it from any chance of unauthorized access.

More information about MDM and configuration of mobile devices can be found here.


Authors: Vladimir Gabrielescu, Elizabeth McMillion, Rae Clarke

This concludes our three-part series of articles on Security and Trust in Rutgers Connect, but stay tuned for other topics to be covered in future articles.

If you have any questions, comments or suggestions regarding the Rutgers Connect article series, please write to help@oit.rutgers.edu.


As described in this series, Office 365 and the Rutgers Connect implementation are designed with security as a top priority, offering a wide array of rigorous protective features at multiple levels which provide users with a great deal of privacy and safety. However, as with every existing platform, NPPI (Non-Public Personal Information, such as Social Security numbers) should still not be transmitted via email.

Rutgers Connect Security and Trust Part Two: Rutgers-Specific Implementation and Policies

This is the second in a series of articles covering data security and privacy in Rutgers Connect, addressing both the standards and capabilities of the Office 365 platform and the Rutgers-specific customizations and policies related to these topics.

The first entry in the series, Rutgers Connect Security and Trust Part One: The Office 365 Platform Security, introduced users to security and data resiliency features native to the Office 365 platform.

In this article, we focus on Rutgers-specific security considerations as well as additional protective features included in the Rutgers Connect implementation of Office 365.


HIPAA Compliance

While Microsoft Office 365 is a HIPAA-compliant product and Microsoft has signed a Business Associate Agreement (BAA) with the University, Rutgers Connect is currently undergoing a rigorous in-house analysis to evaluate and document all aspects of the product, both as offered by Microsoft and as configured by the University, with regard to HIPAA compliance. When this effort is complete, the University should be able to provide better guidance about which specific HIPAA data types, communications, and activities can be used, stored, and conducted via Rutgers Connect. In the meantime, please contact the Office of Enterprise Risk Management, Ethics, and Compliance if you have any questions.

Along with the provisions set forth in the University’s BAA with Microsoft for Office 365 and the security features built into the platform, Rutgers Connect automatically enforces a number of additional security features for University members who are part of units designated as HIPAA-covered entities.

Email originating from users belonging to such units and addressed to external users is automatically routed through a product named Zix. Zix scans outgoing messages for HIPAA-covered data, such as private patient information, and ensures that the message is delivered securely to the recipient by ensuring end-to-end encryption of the communication channel via a number of different technologies.

The end user needs to ensure that any communications involving HIPAA data are sent only to those parties who have the correct authorization to handle the data they receive. Proper training for all users handling and communicating HIPAA data is essential.

Current, already-existing procedures which cover the handling of HIPAA and NPPI data (like using a patient portal for doctors to securely communicate with patients) should NOT be changed simply because Rutgers Connect is now available. All standard procedures for handling HIPAA data and communications should continue unchanged. Proposals for new procedures or changes to existing procedures involving HIPAA data should be submitted for evaluation and authorization to the appropriate organizations tasked with those responsibilities.

More information about Office 365 and HIPAA is available from Microsoft. Interested users may wish to visit the Office 365 & Microsoft Dynamics CRM Online HIPAA/HITECH frequently asked questions page on the Microsoft website.


Additional Implemented Security and Privacy Features

After consulting with IPS (Information Protection and Security) and ERM (the Office of Enterprise Risk Management, Ethics, and Compliance), OIT has made a number of security-related choices when configuring Rutgers Connect which protect users from intentional or accidental exposure of private or internal data.

Anonymous external sharing of all data is restricted. While users may certainly share Calendars, OneDrive stored files, etc with colleagues external to Rutgers Connect and the University at large, the sharing cannot be anonymous. The intended recipient of the share must create their own set of unique login credentials when they receive the first share notification and use these credentials whenever accessing the shared data. Calendars may be externally shared anonymously, but with limitations on what information is exposed; recipients can view the times and names of events, but no event details, notes, or attachments will be visible.

At this time, users cannot access the plugin store or grant third-party applications permission to interact directly with the data stored in their accounts. Third-party applications may request access to your mailbox, OneDrive data, and more; to avoid accidental or malicious exposure of your data, user authorization of such third-party application access is not enabled. That does not mean we cannot integrate Rutgers Connect with third-party services – in fact, we have already done so for a number of Rutgers-supported services such as Blackboard – but such configurations and associations must be made by OIT systems administrators after appropriate review.

To protect users from both accidental deletions of email or files and malicious data removal in the case of an account breach, OIT has configured Rutgers Connect to retain and potentially recover data for 30 to 60 days after deletion. The length of time for which an item is retained varies. Newly-created or received items can be recovered for up to 60 days from the day of creation or receipt regardless of when they were deleted, while older items can be recovered for 30 days after deletion. This is not an effortless operation; users should always be careful to preserve data they still need and only delete unnecessary items.

Access to Rutgers Connect services via mobile devices is limited to only web access unless the device is enrolled in the Rutgers Connect Mobile Device Management system. Mobile Device Management (MDM) will be covered in more depth in the third article in this series.

Additional security features such as two-factor authentication, data loss protection algorithms and policies, and Advanced Threat Protection are being currently evaluated and will be deployed when appropriate.


Delegated Administration

Rutgers Connect is centrally configured, managed and supported by OIT, primarily by the Enterprise Messaging group and the OIT Help Desk. When picking the product, a fundamental feature the selection committee considered was the ability to delegate certain administrative tasks and functions to local and departmental IT support structures.

Whenever possible, OIT delegates control over departmental domain management, resource creation and maintenance, various user support functions, etc. to the IT staff directly supporting various academic and administrative units. This delegation leverages the Role-Based Access Control capabilities of Office 365 to ensure that no departmental IT staff has access to the resources and data owned by other departments. Additionally, tools and APIs are in place to ensure that all business practices are enforced across all departments and IT staff.

Delegated administrators are bound to the same requirements and rules regarding user information and privacy as the central OIT staff managing Rutgers Connect. These rules are formulated and maintained by the University, including the Office of General Counsel and other parties.


Rutgers Access to User Data

User privacy is of utmost importance, and OIT is cognizant of the trust placed in our hands. To ensure that this privacy is always respected, OIT has implemented the following guidelines and tools.

  1. No OIT staff member or delegated departmental administrator will access user data without first obtaining the explicit permission of the user except under a very narrow set of cases such as:
    1. Performing a legal eDiscovery or OPRA search at the written request of the Office of General Counsel. In these cases, OIT staff do not access the data directly, but retrieve it for use by OGC without examining it.
    2. Combating or investigating an active and emergent security threat where we believe an account is being used maliciously or by unauthorized actors.
  2. In the unusual case that an OIT staff member needs access to a user’s account in the course of providing support or performing maintenance functions, OIT staff will first obtain permission from the user to access the data, either directly from the user or via local support acting as intermediaries for the user. Such access will always be limited to the minimum required to solve the issue at hand, and permission to access the account is considered withdrawn when the issue is resolved.
  3. All actions taken by OIT staff or delegated departmental administrators are immutably logged. No one in Rutgers University can alter these logs in any way; these logs are not under the control of the University, but rather they are immutably maintained by Microsoft. Logging of administrator actions cannot be turned off or bypassed.
  4. All eDiscovery and OPRA searches are immutably logged. In addition, records are kept of the official requests received from the Office of General Counsel directing the searches in question.

Additional standards and policies are being developed by the Office of General Counsel in consultation with other relevant parties. Any new standards and procedures will be posted in the appropriate locations.


Authors: Vladimir Gabrielescu, Elizabeth McMillion, Rae Clarke

This concludes Part Two of the Rutgers Connect Security and Trust series. Stay tuned for the third and final article in the series, which will cover Mobile Device Management.

If you have any questions, comments or suggestions regarding the Rutgers Connect article series, please write to help@oit.rutgers.edu.


As described in this series, Office 365 and the Rutgers Connect implementation are designed with security as a top priority, offering a wide array of rigorous protective features at multiple levels which provide users with a great deal of privacy and safety. However, as with every existing platform, NPPI (Non-Public Personal Information, such as Social Security numbers) should still not be transmitted via email.

Rutgers Connect Security and Trust Part One: The Office 365 Platform Security

When selecting Microsoft Office 365 as the platform for Rutgers Connect – the new central email, calendaring, and collaboration solution for the University – the members of the committee tasked with this selection process were keenly aware that data security and privacy ranked among the most important considerations. This series of articles will introduce both University IT staff and interested members of the community to the standards and capabilities of the Office 365 platform designed to ensure data security and privacy. It will also provide an overview of the Rutgers-specific customizations and policies which further this high-priority endeavor.

The first articles in the series will cover the Office 365 platform’s security capabilities and compliance offerings.

Microsoft publishes a vast amount of information detailing their techniques, policies, methodology, and implementations relating to the security of Office 365. Interested users should browse the Office 365 Trust Center for additional information, as these articles will cover only a small portion of what Microsoft has made available.

https://www.microsoft.com/en-us/trustcenter/cloudservices/office365 .


Data Location, Privacy, and Access by Third Parties

Contractually, Microsoft guarantees that all Rutgers University data is stored exclusively in US-based datacenters. Within these facilities, data which belongs to Rutgers is logically segregated from the data of all other Office 365 tenants owned by other clients. Furthermore, all data is encrypted both at rest and in transit and between the user and all components of Office 365.

Microsoft does not provide any government agency with direct, unfettered access to either customer data or the encryption keys securing the data. Their privacy statement regarding government access to data reads, in part:

If a government entity approaches Microsoft directly with a request related to a Microsoft Online Services customer, Microsoft will first try to redirect the entity to the customer to respond. If Microsoft is required to respond to the demand, Microsoft will promptly notify the customer and provide a copy of the demand (unless legally prohibited).

Microsoft publishes its law enforcement requests report to identify the number and types of requests it receives and its compliance with those requests. Microsoft recently received permission from the U.S government to publish information about Foreign Intelligence Surveillance Act orders and National Security Letters.

The government access reports are available here: https://www.microsoft.com/en-us/about/corporate-responsibility/reports-hub

For more on data privacy, see Privacy in Office 365.


Data Security in Office 365 and Azure

All data in Office 365 and its Rutgers University implementation (Rutgers Connect) can only be accessed over encrypted network protocols, ensuring that no third-party actor can intercept or read any communications between the end user and Office 365.

Once data of any sort is stored in Office 365, it remains at least doubly encrypted while at rest. First, all data is encrypted at the disk storage layers using BitLocker protocols. Second, each file residing in the Office 365 platform is individually encrypted, independently of the underlying storage encryption. As a rule, encryption keys are kept in different datacenters than the data they encrypt.

For more on data encryption, see Content Encryption in Microsoft Office 365.


Data Resiliency

To ensure that no customer data is ever lost, Microsoft ensures that for each user file stored within Office 365 there must exist at least 4 copies, which must reside in 4 separate datacenters within the United States. The architecture of Office 365 and the underlying Azure infrastructure is based on an understanding that failures can (and will) happen due to hardware, software, networking, and human errors. All efforts are made to ensure that none of these failures will ever result in customer data loss. So far, after one year of the platform’s active deployment at the University, we can confirm that we are not aware of any data loss for any Rutgers Connect user.

In addition to the data resiliency standards listed above, Office 365 offers many additional protections. For example, all data is scanned for known malware and viruses whenever entering or leaving Office 365, and data at rest is scanned weekly. Another of the platform’s offerings is the availability of a thorough version history for each document uploaded to OneDrive that keeps track of every change. This feature could be used to recover data that has been corrupted or even sabotaged by ransomware infections; a user could simply restore to a previous copy from before the known infection date.

As an additional level of protection, no file can be executed directly (and certain executable file extensions cannot even be stored) in the Office 365 environment.

For more on data resiliency, see Data Resiliency in Office 365.


Monitoring of Irregular Sign-ins and Intrusions:

Adding to the layers of protection mentioned thus far, all user and administrator access to data is logged and monitored for suspicious behavior. System administrators cannot access or modify user data without immutable logs of such activity. User login activity is monitored for access from suspicious locations or IP addresses; when such irregular access is detected, system administrators are notified to ensure a timely response and help prevent any possible compromise of user data.

For more on auditing and reporting, see Auditing and Reporting in Office 365.


Office 365 Compliance with Various Legal and Security Frameworks:

Microsoft Office 365 has been certified as compliant with many legal and security standards spanning a multitude of national and international legal systems. Standards with which Office 365 is compliant include HIPAA, FISMA, FedRAMP, FERPA, and many more.

Of particular interest to the Rutgers community is the Business Associate Agreement Microsoft has signed with regards to HIPAA compliance, as this has enabled Rutgers to proceed with the evaluation and certification of Rutgers Connect for use by RBHS and other departments that handle HIPAA-covered data.

For more on compliance offerings and other security topics see, About Microsoft Cloud Security.


Authors: Vladimir Gabrielescu, Elizabeth McMillion, Rae Clarke

Stay tuned for additional articles in this series, which will cover Rutgers-specific security considerations and features.

If you have any questions, comments or suggestions regarding the Rutgers Connect article series, please write to help@oit.rutgers.edu.


As described in this series, Office 365 and the Rutgers Connect implementation are designed with security as a top priority, offering a wide array of rigorous protective features at multiple levels which provide users with a great deal of privacy and safety. However, as with every existing platform, NPPI (Non-Public Personal Information, such as Social Security numbers) should still not be transmitted via email.

Rutgers Connect Article Series

Image result for microsoft office 365

The Office of Information Technology would like to introduce a series of articles for the new central email, calendar, and cloud services system, Rutgers Connect, based on the Office 365 suite by Microsoft. This series of articles will serve as a resource for those that will would like to read about new features being released as well as in-depth articles that will seek to explain the intricacies of the product. Over the past year, OIT has worked with all departments at the university to conduct the migration from departmental and central mail services, to one unified email and calendaring solution. We are now nearing the completion of this project and would like to provide a centralized informational resource for the Rutgers community and their new service.

In 2014 a committee of IT staff from across the university was formed and tasked to evaluate an enterprise-wide email and calendaring solution to meet the requirements of the President’s Strategic Plan. The goal was to provide better storage capacity, easier scheduling of meetings, improved reliability and availability, and promote better collaboration throughout Rutgers University. A series of town hall meetings were held as forums for the committee to speak with other IT staff on the requirements, features and possible issues dealing with a university-wide solution. The enterprise email and calendaring committee also released a survey to faculty, staff, and students to allow them an opportunity to express their email and calendaring needs.

After careful vetting of the email and calendaring solutions available, the committee elected to choose Microsoft’s Office 365 in December 2015.  Office 365 was selected for its offering of many different tools and its large amount of storage (1 terabyte of general storage and 50 gigabytes per mailbox for all users).

Office 365 is an extensive product, with a wide array of offerings that can facilitate the work efforts of the university and its members. In this series of articles, you’ll find information on the basics of the product including mail, calendar, and contacts. We will be providing an opportunity to delve deeper into the products and its components and learn about OneDrive, Skype for Business, Office Pro Plus and other collaborative features.

Our debut article will provide you with detailed information on Office 365’s security features and their integration with the university.

Update: Sending from an Alternate Email Address in Rutgers Connect

Rutgers Connect currently has the ability to allow you to send mail from your Personalized Email Address, however you cannot set your Personalized Email Address to be the default address to send mail from.

The Office of Information Technology is currently working with Microsoft to find a solution to this issue, however there is no estimated date of a resolution.

For information on how to send email from an alternate email address, please visit:

https://oit.rutgers.edu/connect/guides/alternate-email-address