Towson University is careful about enabling add-ins (plugins) in Microsoft 365 (M365). The large volume of marketplace apps and the potential privacy, legal, procurement, support, and other security concerns for each app make it necessary for the university to review each request carefully before approving. Add-ins can be granted significant access to your email, calendar, contacts, files and other data. They can appear in or interact with Outlook, Excel, Word, PowerPoint, OneDrive or SharePoint.
TU follows best standards in ensuring that Towson University data and credentials are carefully protected.
Required Information
OTS collects the following information to help us support requests for M365 add-ins. This information ensures that OTS has enough information to investigate the add-in, that there is a clear business case, and that we know the individuals and departments involved.
- Primary contact person (a faculty/staff member who will serve as an administrative contact for this request and for this add-in long-term)
- Sponsoring department and name of department head/chair (it's expected that at least a department head or chair is supportive of the request)
- Add-in name, vendor or publisher name, and URLs (links) to the "store" page or other information about the add-in
- Description and business case:
- What does the add-in do and what necessary functionality does it provide?
- Who does the add-in support and benefit? Will it be used by a department, specific course/discipline, an entire college or division, or the entire university? If it's specific groups, name or describe those groups. (Requests for personal add-ins or add-ins with limited use may not be approved.)
- Is this required for a grant, accreditation requirement, publisher content, or a specific course?
- Does this pertain to a piece of software that TU has already purchased? (whether STF or departmental purchase)
- Which M365 apps are impacted (such as Outlook, Word, Excel, PowerPoint, SharePoint, OneDrive)?
- Funding: Are there costs involved with this add-in? Are those costs already covered? If so, please provide information regarding ongoing funding.
- Urgency and any key dates (e.g., semester start, project deadline)
- Is this add-in part of software that has already been reviewed for purchase (and therefore already had a security and accessibility review)?
What to Expect After You Submit
After you submit a request through TechHelp (http://techhelp.towson.edu):
- OTS will perform an initial review for completeness and may request additional information.
- OTS will review the add-in based on impact and benefit, security considerations, vendor/product maturity, and ongoing maintenance requirements. Multiple team members are involved in the review. Some of the criteria OTS considers includes:
- Whether the add-in has a significant benefit or widespread impact
- Whether the add-in duplicates existing functionality in M365 or other add-ins
- Whether the add-in supports the use of existing data storage in OneDrive/SharePoint
- Whether the add-in supports TU's single sign-on (SSO)
- The breadth of the permissions required by the add-in
- Microsoft's security score of the vendor and the add-in
- Whether any sensitive data is involved
- Whether separate licensing or purchases are required, and whether a purchase request or accessibility review need to be performed first
- If the vendor and product are mature and don't represent a supportability risk
- OTS will make a decision to approve the add-in or not, and communicate the decision and reasoning; if approved, OTS will make the add-in available.
Expectations for Support If Add-In is Enabled
If the add-in is enabled:
- OTS does not provide direct support for using the add-ins in the M365 environment.
- OTS may conduct annual reviews of M365 add-ins to confirm they are still needed.
- If a vendor stops supporting an add-in, or OTS discovers a supportability or security concern with an add-in, it may be disabled or removed without prior notice.