All News

Pile of newspapers

Changes to Microsoft Free Licensing for Schools

Microsoft has recently announced the planned retirement of the Microsoft A1 Licenses for Education.  According to Program Updates in Microsoft 365 for Education page the main reason is to limit storage.  Free, unlimited storage plans have become prohibitive and have become a large vector for security risks and fraud. 
Microsoft advise that they will offer education generous storage allowances and tools to support these changes and transition times.  They also say that all customers need to start considering and implementing new policies for information management and governance. They see the benefits to schools by helping them reduce some of the security risks associated with legacy storage and data sprawl, while also benefiting from a shared environmental footprint.

With the move to the cloud, stored files and unused accounts have increased significantly over time, as more and more stored files and data have proliferated without a plan for end of life.  This is not sustainable from a cost or environmental sustainability perspective and it puts educational institutions and their students at risk of a data breach.  

From a sustainability standpoint, stored files no longer in use have an impact on our carbon footprint with over half of all data stored by organisations not serving a useful purpose. Storage of this “dark” data takes up space on servers and results in increased electricity consumption, generating 4% of global greenhouse gas emissions in 2020 alone. Microsoft is committed to both the security and privacy of school and student data as well as reducing the collective carbon footprint. Already, their data centers are built with the highest environmental standards in mind. With this change, education customers can help do their part.

This video explains in detail what will happen with the licensing and the storage.  Some members of staff that currently have A1 licenses may no longer have a license and so should added to the license count.  It also explains the storage changes in detail:


The Office 365 A1 Plus program for Education will be retired by Microsoft on August 1st 2024.  A1 Plus included desktop apps for qualified schools that purchased Office institution wide for students and staff.  Instead, schools will either have to downgrade to the A1 license (web app only) or pay for A3 or A5 licenses.

Microsoft are suggesting that this is a good time to check best practice around information management in schools to mitigate data breach risks.

Data Protection Education's Information and Cyber Security Best Practice Area provides help and guidance about information management and user access control, while also considering what needs to be done in terms of data and information clean up when a member of staff leaves.  The Records Management Best Practice Area gives advice about records management.  The Best Practice Checklists can walk you through information management step by step to help reduce your risks of a data breach.

Data minimisation is a fundamental principle within the framework of the UK GDPR. It emphasises the concept of collecting, processing, and retaining only the minimum amount of personal data necessary to achieve a specific purpose. This principle aligns with the broader goals of protecting individual privacy and reducing the potential risks associated with excessive data handling.

Under the UK GDPR, data minimisation serves several important purposes:

  1. Privacy Protection: By limiting the amount of personal data collected and processed, organisations can better protect individuals' privacy. This is crucial in a digital age where data breaches and unauthorised access to personal information are common concerns.

  2. Risk Reduction: Minimising the volume of personal data reduces the potential for harm if a breach occurs. The less data available, the less information that can be exposed or misused.

  3. Transparency and Accountability: Organisations are required to be transparent about their data practices, including explaining why they collect certain data and how they intend to use it. Minimising data collection helps in providing clear and accurate information to individuals.

  4. Lawfulness and Fairness: The principle of data minimisation contributes to the fair and lawful processing of personal data. Collecting only what is necessary ensures that individuals' rights are respected, and their data is not processed beyond the scope of the original purpose.

  5. Storage Limitation: Data minimisation supports the storage limitation principle, which dictates that personal data should not be retained for longer than necessary. Collecting only essential data makes it easier to comply with these limitations and ensures data is not kept longer than needed.

  6. Enhanced Data Governance: Organisations that prioritise data minimisation are more likely to implement robust data governance practices. They tend to have clearer policies on data handling, storage, and disposal.

  7. Data Accuracy: With fewer data points to manage, maintaining the accuracy of the collected information becomes more feasible. This contributes to the quality and reliability of the data being processed.

  8. Individual Rights: Minimising data ensures that individuals have better control over their personal information. It enables them to exercise their rights, such as the right to access, rectify, and erase their data.

In practice, organisations should consider implementing data minimisation by conducting regular assessments of their data processing activities. They should evaluate the necessity of each piece of data collected and processed, ensuring that they can justify its relevance to the intended purpose. By applying data minimisation principles, organisations can achieve compliance with the UK GDPR, uphold individuals' privacy rights, and mitigate potential risks associated with excessive data handling.

Data Protection Education provides Data Protection services into organisations.  We provide online support, our DPE Knowledge Bank, Best Practice Library, Incident Support, Review Meetings, Visits - both in person and online, a dedicated consultant, Checklists and To-dos, Cyber Security support, Redaction services and more.  Please contact us on This email address is being protected from spambots. You need JavaScript enabled to view it. for more information.

Search