Sign in with the M365 account

At some PC pool computers, it is possible to log in using a student M365 account. This account is created through voluntary registration with the student's university email address.

Sign in with the M365 Account

Further information on registering for the M365 account:
EES for students

To register, you will need your student email address in the form firstname.lastname@stud.tu-darmstadt.de.

In addition, guest access allows you to log in to a virtual pool using your TU-ID.

Data privacy information

  • The same data privacy policy applies as when using Microsoft 365.
  • The pool PCs are configured to suppress telemetry data transmission wherever possible.
  • Login to Microsoft applications takes place in the background.
  • Synchronization is enabled by default in Microsoft Edge. If you prefer not to use this feature, please switch to a different browser.
  • To ensure that M365 registration remains voluntary, access to study-relevant content must not be dependent on the use of Microsoft 365.

Click the Gast button on the login screen. Then launch Citrix Workspace. The vDesk pool is available in the guest session with TU ID login.

Using M365 in the pools does not affect your M365 license. You can continue to activate the M365 apps on up to five personal devices.

With the M365 account, it is possible to use a FIDO2 key for login.

This key replaces the cumbersome login process with a username and password.

Simply insert the FIDO2 key and enter a PIN. To ensure physical presence, a tap on the key is required. We recommend treating the key like a house key and removing it after logging in.

The same key can also be used for additional passkeys, as well as a HOTP procedure, for example, at the TU's SSO.

Open https://aka.ms/mysec

Follow the instructions there. You should also register an additional method, such as Microsoft Authenticator or a second key.

The PIN functions similarly to a bank card PIN. Although the specification only requires a minimum of 4 characters, longer PINs are possible. Recommendation: 6 digits. A purely numeric PIN is recommended for compatibility with WebAuthn and various browsers.

  • Use a PIN that is easy for you to remember.
  • It should not be easy to guess (no repetitions, no sequences of numbers).
  • The advantage in terms of usability would be lost with a PIN that is more like a complex password.
  • After eight failed attempts, all passkeys on the FIDO2 key become unusable, and the key must be reset.

Remove the FIDO2 key from the list under https://aka.ms/mysec and create a new one. If applicable also remove passkeys from other Web-Services that were saved to this key.

After 8 failed attempts the key will be locked. Remove it from the list at https://aka.ms/mysecand follow the manufacturer's instructions to perform a reset. This will delete all passkeys on the stick. You can then set up the stick again.

The passkey on the Fido2 key is stored as discoverable and contains the login name. This information is protected by the PIN.

Authentication with the FIDO2 key involves something you know (the PIN) and something you have (the FIDO2 key), making it MFA. For example, when logging in to the https://aka.ms/mysec website, no additional login method is requested. To avoid being locked out if you lose the key, an additional method for MFA is registered at this point. This method is also used for the “Self-Service Password Reset” (SSPR).