Purpose
This policy establishes guidelines for the use of third-party add-ins and applications within Kean University's Microsoft 365 environment. It ensures that academic tools align with the University's educational mission while maintaining our security standards and preventing redundant or conflicting applications.
Scope
This policy applies to all Kean University employees, students, contractors, and affiliates who use Microsoft 365 services (including Outlook, Teams, Word, Excel, PowerPoint, and other Office applications).
Policy Guidelines
1. Default Add-In Status
- Third-party add-ins for Microsoft 365 applications are disabled by default across the University.
- This safeguard protects institutional data and ensures consistency with our security framework.
2. Add-In Request Routing by Purpose
Academic and Instructional Add-Ins
- Requests for add-ins intended for academic or instructional purposes must be submitted to the Office of the Provost for review.
- The Provost's office will evaluate whether the requested tool:
- Aligns with the University's academic vision and strategic goals
- Provides unique value without duplicating existing approved tools
- Meets institutional learning objectives
Research Add-Ins
- Requests for add-ins intended for research purposes must be submitted to the Office of Research and Sponsored Programs (ORSP) for review.
- ORSP will evaluate whether the requested tool:
- Supports valid research objectives and methodologies
- Complies with grant requirements and sponsor guidelines
- Aligns with research data management policies
- Meets ethical and regulatory research standards
Administrative and Operational Add-Ins
- Requests for add-ins intended for administrative or operational purposes (e.g., workflow automation, data management, business processes) will be reviewed by Kean Information Technology.
- Kean IT will evaluate whether the requested tool:
- Addresses a legitimate business need
- Provides functionality not available in existing systems
- Supports operational efficiency and effectiveness
- Aligns with enterprise technology standards
3. Security and Compliance Review
- Following functional review, the Provost's office or ORSP will notify Kean Information Technology of their approval or denial decision.
- For approved requests, Kean Information Technology will conduct a security assessment to verify:
- Compliance with University data protection standards
- Adherence to privacy regulations (FERPA, GDPR, HIPAA, etc.)
- Vendor security practices and data handling policies
- Integration risks with existing systems
- Licensing and support considerations
- For denied requests, Kean IT will communicate the final decision to the requestor with the rationale provided by the reviewing office.
4. Rationale for Centralized Review
This process prevents:
- Overlapping functionality – Multiple tools serving the same purpose create confusion and waste resources
- Security vulnerabilities – Unvetted applications may expose sensitive University data
- Misalignment with institutional goals – Tools that don't support our mission across academic, research, or operational domains
- Support burden – Managing numerous similar applications strains IT resources
- Compliance risks – Unauthorized tools may violate regulatory or contractual obligations
5. Approved Add-In Management
- Once approved, add-ins will be:
- Centrally deployed to authorized users or groups
- Documented in the University's approved technology inventory
- Subject to periodic security reviews
- Users may not install or enable add-ins independently, even if technically possible.
6. Request Process
To request a Microsoft 365 add-in:
Step 1: Submit Initial Request: Submit a detailed request to the appropriate office based on purpose:
- Academic/Instructional → Office of the Provost
- Research → Office of Research and Sponsored Programs (ORSP)
- Administrative/Operational → Kean Information Technology
Include in your request:
- Add-in name and publisher
- Primary purpose and intended use case
- Target users (individuals, department, or college)
- Justification for why existing tools are insufficient
- Expected duration of use (ongoing or project-specific)
Step 2: Functional Review: The designated office will review for alignment with institutional objectives within 10 business days and notify Kean Information Technology of their decision.
Step 3: Security Assessment (if functionally approved), IT Security will conduct a technical review within 10 business days.
Step 4: Decision and Deployment: Users will be notified of the final decision. If approved, Kean IT will coordinate deployment to authorized users.
Total estimated timeline: 15-20 business days
7. Prohibited Actions
Users may not:
- Attempt to bypass add-in restrictions or install unauthorized add-ins
- Share University credentials with third-party applications
- Use personal Microsoft 365 accounts to circumvent institutional controls
- Install add-ins obtained from unofficial or unverified sources
Compliance & Enforcement
- Unauthorized installation or use of add-ins may result in:
- Removal of the application
- Temporary suspension of Microsoft 365 access
- Disciplinary action per University policies
- Kean Information Technology reserves the right to remove any add-in that poses a security risk, even if previously approved.
Exceptions
- Add-ins included with standard Microsoft 365 licenses (e.g., Microsoft Editor, Designer) are pre-approved and do not require additional authorization.
- System-wide enterprise tools approved by University leadership are exempt from individual review.
Review Cycle
This policy will be reviewed annually—or earlier if necessary—by Kean Information Technology in consultation with the Office of the Provost and ORSP to reflect updates in technology, security best practices, and institutional needs.