Microsoft 365 policies and responsibilities
If you're a student using Microsoft 365 (M365) at UQ, you need to follow specific guidelines to ensure security and privacy.
This includes managing passwords securely, verifying the audience before sharing information, and adhering to university policies to maintain a safe digital environment.
Email and files in M365 may be subject to access applications under the Right to Information Act 2009 and Information Privacy Act 2009.
Your responsibilities
All students have a responsibility to:
- ensure you have set a secure password
- if prompted, set a security question with an answer that is not readily known to others
- check the audience is correct and ensure the content is appropriate before posting, sharing or sending information
- routinely check who you have shared documents with and remove stale access
- notify the sender or sharer if you have been sent or given access to something where you do not believe you were the intended audience
- maintain your mailbox and OneDrive within the storage quota
- comply with the UQ Code of Conduct
- comply with the Information and Communication Technology Policy and the Acceptable Use of UQ ICT Resources Guideline.
You must not:
- share your password or MFA device with anyone
- use information or photos in your contact card that is private and/or should not be available to all users
- allow others to use your services, including Outlook and OneDrive
- copy or forward content shared from another person without their permission if it contains information marked 'sensitive' or 'protected', or personally identifiable information (read more about information security classification).
Personal information
M365 offers a suite of applications that facilitate collaboration and communication among UQ staff and students. To ensure smooth and effective interactions, it is important to understand how personal information is displayed and managed within these applications.
Address books
Some M365 applications allow staff and students to search for and select other users to communicate with and share resources. The table below outlines the address book behaviour for staff and students.
| Application | Can staff see students? | Can students see students? | Can students see staff? |
|---|---|---|---|
| Outlook | CIO Approval Only | No | No |
| Teams | Yes | Yes | Yes |
| OneDrive | Yes | Yes | Yes |
| SharePoint | Yes | Yes | Yes |
In the address book, more than one person can have the same name. When this happens, you should use other information in the contact cards to differentiate and select the appropriate person, such as:
- job title (to differentiate between staff)
- job title listed as 'Student' (to differentiate between staff and students)
- photos (if available)
- email address (ensure you have the correct email address).
Contact cards
M365 applications show information about other users on contact cards.You can access these in various ways, including by:
- browsing the address book in Outlook
- viewing the sender of an email message in Outlook
- chatting with someone in Teams.
UQ makes some information available on these contact cards to facilitate locating another person, including differentiating between people with the same name:
- name
- job title for staff or 'Student' for students
- department/organisational unit for staff
- email address
- work phone number for staff.
M365 applications also allow staff and students to populate additional information about yourself. If entered, this information will be available to all UQ users, including staff, students, contractors, visitors and and associates. You should not enter private or inappropriate information.
Any uploaded text must comply with reasonable use, the appropriate and responsible use of university resources and services, and the UQ Code of Conduct.
Photos
M365 provides the option to include a photo on a person’s contact card. UQ will not upload photos for any person. Any photo in the system should be uploaded and managed by the account holder. Uploading a photo helps others identify and recognise the person they are communicating with.
Photos must be appropriate and must not be:
- inflammatory or inappropriate in any way
- used to bully or target other users
- another staff or student’s photo or image.
Staff and students must not copy, modify, use, distribute or otherwise misuse another person’s photo. Any uploaded photo must comply with University policies.
Leaving UQ
When you leave UQ (including when you graduate), you must remove all M365 licences. You should transfer all files to your personal drive before you leave UQ.