Microsoft 365 Logo

James Madison University (JMU)​ utilizes and manages a collection of systems and services within Microsoft 365 that serve as the University’s secure platform for communications, file storage, and collaboration.

Data stored and managed in Microsoft 365 includes, but is not limited to, chats / posts and email communications, calendar events and details, meeting recordings and transcripts, AI chat prompts / outputs, workflows and analytics, and files of various format types stored within group managed or individual storage locations.

The primary Microsoft 365 tools involved in these processes include Outlook (email and calendar), Teams (chat, collaboration, and virtual meetings), SharePoint (group file storage), OneDrive (individual file storage), Office Apps (Word, Excel, PowerPoint), Copilot (generative and agentic AI), and the Power Platform (process automation workflow and analytics).

Account Data
Account level data is collected within the M365 admin center

  • Identity and Profile Information
    includes your name, email address, username, profile photo, and contact details used to identify and communicate with you across Microsoft 365 services. 

  • Service Usage Data
    includes records of your interactions with Microsoft 365 applications such as Outlook, Teams, SharePoint, OneDrive, and others. This may include:
    • Email and calendar activity

    • File storage and sharing history

    • Chat messages and meeting participation

    • Document collaboration and access logs

  • Subscription and Licensing Details
    includes information about your assigned Microsoft 365 license(s), service entitlements, and any associated billing or subscription metadata.

  • Device and Synchronization Data
    includes information about devices used to access Microsoft 365, synchronization settings, and personalization preferences (e.g., themes and bookmarks).

Logging Data

To maintain security and improve service performance, metadata related to system access and usage is also collected.  This data is used for auditing, troubleshooting, performance optimization, security incident response, and compliance with institutional and regulatory requirements.

  • Login and Session Data
    includes timestamps of logins and logouts, session duration, and authentication method used.

  • Device and Environment Details
    includes browser type, operating system, IP address, and device identifiers.

  • Activity Logs
    includes records of page visits, file access, search queries, and other interactions within Microsoft 365 apps.

User Data

User data is all the user created data within M365, with examples listed below. User data may need to be accessed for various troubleshooting scenarios, and duties related to legal investigations or security incident responses.

  • Chats, posts, and emails communications

  • Calendar events and details

  • Meeting recordings and transcripts

  • AI chat prompts and outputs

  • Workflows and analytics

  • Files stored within group managed or individual storage locations

If you abide by JMU Policy 1207 on Appropriate Use of Information Technology Resources, IT has no reason to access any of your data. There are limited exceptions where JMU uses Microsoft 365 data to enable:  

  • Administrative Processes and Service Support

    to perform maintenance or provide technical support. In cases where an individual contacts IT with an issue or question, data may be accessed while the requested support is being provided. This access ceases when the issue is resolved. Similarly, data may be accessed during system-wide maintenance or support operations, such as when troubleshooting email delivery, storage consumption, system inaccessibility, or other issues impacting many individuals at once. Again, the focus of IT staff in these situations is not your data; their focus is on determining the cause of an issue and resolving it.
  • Analytics and Reporting

    analytics and reporting scenarios to support troubleshooting.
  • University Data Protection and Security Incident Response

    Information Technology uses tools to protect user accounts and data and ensure that sensitive information is not stored in an area where such storage is not allowed. When these tools scan for sensitive data, they perform pattern matching to identify files where sensitive data may be located. IT then uses scan results to contact file owners and alert them to the presence and location of the data. IT does not read or analyze the data itself.

 

  • Automatically 

    when M365 applications and services generate and store data based on visits, interactions, and system automated rules and processes.

  • Directly 

    when users generate content and create data inside of M365 applications and services.

  • Indirectly 

    via system integrations such as the Human Resources system (account data) or the Identity and Access Management system (SSO logins).
  •  
  • IT Administrators 

    IT Administrators may access your data for the purposes outlined in the “How We Use Microsoft 365 Data” section of this webpage.

    There are limited occasions when another JMU employee, such as your supervisor, may request access to your data (examples: during a long period of absence or after you have ended employment with JMU) to meet a business need.  In these cases, JMU Human Resources will work directly with the requestor and IT to determine what access is needed, and for what length of time.

  • Legal and Regulatory Requirements

    personal information may also be shared when required by law, or to protect the safety, property, or rights of the university, its community members, and guests. In these circumstances, JMU shares the least amount of data possible to meet the need. When a legal situation arises requiring access to your data, Information Technology works with the Office of University Counsel to collect and review this information according to established procedures.

  • Service Providers and Vendor Partnerships

    your M365 data may be shared when required in project implementation or troubleshooting scenarios with Microsoft support staff, or other university approved technology vendors and implementation partners.

    In these scenarios, technical staff members from those organizations may need access similar to a JMU IT administrator’s.
Policy and Compliance
Take Action

Users may take action to delete M365 data from the application side, which in turn will start the full process of deleting the data from the JMU environment.  The guides below will help you learn how to delete data from various M365 applications. 

Note: JMU IT administrators could still be able to retrieve data from administrator recycle bins or system backups after user deletion, in alignment with the practices detailed above.

M365 Copilot - Delete Your Activity History

OneDrive - File Controls Tutorial

OneDrive - Delete or Restore Files

Teams - Delete or Restore Files

Teams - Delete Chats

SharePoint - Delete Files

SharePoint - Restore Files

Outlook - Delete Email

Outlook - Delete an Email Attachment

Find out More

Questions or feedback about the information found on this website?  Send us a message!

Back to Top
Planning, Analytics & Institutional Research
Varner House
MSC 3803
80 Bluestone Drive
Harrisonburg, Virginia 22807