E-mail at PSI
Location of the mailbox now and after the migration
Until now, all PSI mailboxes were located in the ETHZ data centers.
Now the PSI mailboxes are managed in the Microsoft Cloud in Geneva and Zurich.
Contractual situation Data protection
PSI has joined the framework agreement contract of SWITCH (as official representative of "SWISS Campus and School Agreement - CASA") and Microsoft. At the same time, PSI has carried out further data protection clarifications with external partners. The PSI Directorate has endorsed the migration of the email service to the Microsoft Cloud with further detailed data protection measures.
PSI email data in other cloud offerings
PSI has a contract with Microsoft that takes into account Switzerland's data protection laws and the federal government's broader regulations on data protection for the operation of nuclear facilities and the security of patient data. PSI has no such contracts with providers of public cloud offerings used by employees (Apple Cloud, Google Cloud). For this reason, no PSI business mail may be managed in these cloud offerings. Access from e.g. Apple and Google Mail to the data in the Microsoft Cloud is not supported.
Redirects from MS Mail to other, external (e.g.) private email accounts are not permitted due to data protection circumstances, see instruction AW-95-17-01. Redirects are technically prevented.
Encryption
One of these further detailed data protection measures is the encryption of all emails, both in transit and in storage. This is a clear improvement in data protection; PSI had no encryption at all with ETHZ as the service provider.
Security
Access to data only with multi-factor authentication (MFA):
In addition to the standard authentication (login: email address/Windows password), a second level of authentication is now introduced. Similar to the authentication in the private sector (online banking, Google Cloud, Mac Cloud), a 2nd level is introduced with the MS Authenticator App on the smartphone. Further information on MFA can be found at IT - Multi Factor Authentication (MFA) M365 (service-now.com).
Furthermore, the smartphone SecureID app is required for VPN access to PSI.
Backup of email data
A back-up of the PSI email data is performed regularly. For this purpose, the mailboxes are streamed from our PSI Microsoft tenant to a SWITCH datacenter.
Email archive
The email archive is located in our PSI Microsoft Tenant. In this context, we would like to point out the conscious handling of employees when using PSI Email for private purposes.
Webmail
Use of webmail (https://outlook.office.com)
On all devices, webmail is available with the most popular browsers for Windows, Mac, Linux, iOS or Android.