Skip to content Skip to main navigation Skip to footer
Choose language:
Choose language:

Email

Atualizado/Updated: 2026-03-09

PT

If you have received an email that seems strange or potentially malicious, follow these steps.

Iscte’s email service is supported by the Office 365 platform, offering integration with Outlook, Teams, OneDrive, and other Microsoft tools.

1. How to Access Institutional Email

You can access your email via:

1.1. Outlook Web

    1. Access outlook online from the https://mail.iscte-iul.pt/
    2. Enter the Iscte username (e.g. xxnes@iscte-iul.pt) and click “Next“.
    3. Enter your password and click “Sign in“.
    4. On first use: 
      • Set the time zone by selecting “(UTC) Dublin, Edinburgh, Lisbon, London“.
      • Set the language by selecting, for example, “Portuguese (Portugal)“.

2. Configuration in Email Clients

By following the steps indicated for each device (computer, smartphone, or tablet), you can set up your account quickly, securely, and fully integrated with other institutional applications.

2.1 Outlook for Windows

    1. Open the Outlook client for PC.
    2. Enter the Iscte username (e.g. xxnes@iscte-iul.pt) and click “Connect”.
    3. Enter Iscte account password and press “Sign in” » “Done”.
    4. Click “Done“.

2.2. Outlook for MacOS

  1. Open the Outlook client for MacOS X. In case it is a first configuration of a mail account, click “Get Started“.
  2. Go to the “Preferences” menu.
  3. Access “Accounts“.
  4. Click “Add Email Account“.
  5. Enter the user name of the Iscte account (eg., xxnes@iscte-iul.pt) and click “Continue“.
  6. Wait for the end of the mail account setup.
  7. Click “Done” to finish.

2.3. MacOS Native Client

  1. Go to the “Apple” menu.
  2. Select “System preferences“.
  3. Select “Internet accounts“.
  4. Choose the “Exchange” account type.
  5. Fill in the “Name” and “Email Address” fields and click “Sign in“.
  6. Click “Sign in“.
  7. Enter your Iscte account password and click “Sign in“.
  8. If prompted, enter the code sent by Microsoft via SMS and click “Check“.
  9. Select the apps you want to use with this account and click “OK“.
  10. If you want to change the “Description” and “Name” of the person associated with the Exchange account, click “Details.”
  11. Change the description by writing, e.g. “ISCTE-IUL” and, to finish setting up the account, click “OK“.

2.4 Outlook for Smartphones, Tablets e iPods

Android 

      • Go to the Playstore, find and install the Outlook client.
      • After installation, sign in using Iscte account credentials: username (eg., xxnes@iscte-iul.pt) and password.

iOS

      • Access the AppStore, find and install the Outlook client.
      • After installation, sign in using Iscte account credentials: username (eg., xxnes@iscte-iul.pt) and password.

3. Shared Mailboxes

Email shared accounts (or shared inboxes/mailboxes) let teams manage communication from a single address (like info@ or support@) using individual logins, improving collaboration, centralizing messages, and making replies appear from the shared address, not a person.

These mailboxes do not require their own password: each user accesses them through their personal account, with permissions assigned by the IT team. This approach enhances security, prevents improper sharing of credentials, and simplifies daily communication management.

When using a shared account, the entire team can view the same set of messages, respond using the common address, and maintain a unified and consistent history. This improves coordination, reduces redundant responses, and makes it easier to track pending requests. Shared accounts are particularly useful in customer service, support teams, administrative offices, or any area that requires centralized communication with the public.

Key advantages:

    • Centralized collaboration: all team members work from the same inbox, ensuring alignment.
    • Efficient organization: messages are grouped in a single address, avoiding dispersion across individual accounts.
    • Unified history: the entire communication log remains accessible to the team, ensuring continuity even when someone is absent.
    • Greater security: eliminates the need to share passwords by using permissions based on personal accounts.
    • Transparency and accountability: responses sent appear as coming from the shared account, rather than from individual users, maintaining consistency in external communication.
    1. Sign in to Iscte’s personal mail account.
    2. In the tree folder structure, right-click on “Folders” and choose “Add shared folder.”
    3. Enter the shared account address (e.g., shared_mail@iscte-iul.pt) and click “Add“.The shared account will be available in the folder structure on the left side of the screen, allowing access to the entire message history of that mailbox.
    1. Create a new message.
    2. In the top menu, click on the “” option and choose “Show From“.
    3. Right-click on the personal address and choose the “Remove” option.
    4. Type the address of the shared account (e.g., shared_mail@iscte-iul.pt)

4. Email Distribution Lists

Distribution lists are email addresses that represent a group of recipients. When a message is sent to the list, it is automatically delivered to all associated members, avoiding the need to send it manually to each contact individually. This makes them especially useful for teams, departments, and project groups that need to receive the same information quickly and consistently.

Distribution lists allow you to keep internal communication organized, ensure that no one is left out of the loop, and facilitate the sending of recurring information or institutional communications. In addition, they simplify the work of those sending messages, reducing errors, omissions, and duplication of addresses.

Key advantages:

    • Efficient sending: just write to a single address to contact the entire group.
    • Consistent communication: all members receive the same information at the same time.
    • Ideal for organizational groups: departments, offices, support teams, projects, committees, and thematic groups.
    • Reduces human error: avoids mistakes in manually adding recipients and ensures that new members automatically receive all communications once they are added to the list.
    • Facilitates management and governance: lists are centralized and can be managed according to institutional access and usage policies.
At Iscte...
    • Iscte’s mailing lists are created and managed automatically by Fénix.
    • Sending messages to the most comprehensive addresses (alunos@iscte-iul.pt, docentes@iscte-iul.pt, funcionarios@iscte-iul.pt, investigadores@iscte-iul.pt, and trabalhadores@iscte-iul.pt) requires authorization from the Rector’s Office.
    • UATAS are authorized to send messages to their respective lists of students, faculty, and researchers.
    • All messages are subject to moderation.
    • As a rule, sending permissions are only granted to shared accounts of services/organic units.

5. Security & Compliance

Outlook integrates a robust set of security and corporate compliance mechanisms designed to protect sensitive data, ensure user privacy, and comply with legal and regulatory requirements in business environments.

These mechanisms operate at multiple layers—identity, device, application, network, and data—ensuring a secure experience in mobile, desktop, and web contexts.

Conditional Access (Microsoft Entra ID) allows organizations to define rules that determine when, where, and how users can access Outlook. These policies ensure that only authorized users and compliant devices can connect to corporate resources.

Key capabilities include:

      • Identity-based controls: restrict access based on user, role, group, or geographic location.
      • Real-time risk assessment: automatically blocks access when suspicious behavior is detected.
      • Device compliance enforcement: only devices enrolled in Intune or meeting security policies may access email.
      • Blocking compromised devices: devices that are outdated, rooted/jailbroken, or flagged with vulnerabilities can be automatically denied access.

Outlook employs several layers of encryption to ensure data confidentiality both in transit and at rest:

      • Encryption in transit (TLS): secures communication between the client (smartphone, PC, or browser) and Microsoft servers.
      • Encryption at rest: emails, attachments, and account data stored in Microsoft datacenters are protected with AES‑256 encryption.
      • Office Message Encryption (OME): allows end-to-end encrypted messages so that only authorized recipients can read them.
      • Support for S/MIME: available for organizations using digital certificates to sign and encrypt messages.

Data Loss Prevention (DLP) is essential for organizations managing sensitive information. Outlook uses DLP policies to identify, monitor, and protect confidential data, preventing accidental or unauthorized disclosure.

Primary features include:

      • Automatic detection of sensitive information: such as identification numbers, financial data, personal information, and confidential documents.
      • User alerts and blocking actions: prevents sending sensitive data to unauthorized recipients.
      • Justification prompts and override options: users may be required to justify exceptions before sending.
      • Full auditing: detailed logging of actions involving data risks or policy violations.

Multifactor Authentication significantly strengthens account security by requiring users to verify their identity through two or more methods:

      • Password + Microsoft Authenticator notification
      • Password + SMS code
      • Password + biometric authentication via smartphone
      • FIDO2 physical security keys (in enterprise scenarios)

Main benefits:

      • Drastically reduces unauthorized access, even if passwords are compromised.
      • Protects against phishing, replay attacks, and logins from unknown devices.
      • Native integration with Outlook Mobile, ensuring strong security without sacrificing usability.

In addition to the mechanisms above, Outlook also includes:

      • Advanced Threat Protection (Microsoft Defender for Office 365):
        • Malicious link scanning (Safe Links)
        • Attachment scanning (Safe Attachments)
        • AI-driven phishing detection
      • Retention and archiving policies: ensure compliance with legal and regulatory requirements.
      • Session control via Microsoft Cloud App Security: real-time session monitoring and anomaly detection.
      • Automatic blocking of non-compliant mobile apps accessing corporate resources.

5.1. How Do I Handle a Suspicious Email?

    • Check the sender and domain.
    • Do not click on links or attachments.
    • Forward as an attachment to csirt@iscte-iul.pt.
    • Delete after reporting.

Learn +

6. Best Practices

  1. Write clear and objective messages
    • Use a short and specific subject line.
    • In the body of the email, get straight to the point within the first 2–3 paragraphs.
    • If there are multiple tasks, use bullet points.
    • Avoid very long blocks of text.

  2. Identify yourself and provide context
    • Include a professional signature with your name, role, and contact details.
    • If the recipient doesn’t know you, introduce yourself briefly.
    • Always provide enough context to avoid unnecessary back‑and‑forth.

  3. Use recipients correctly
    • To: for those who need to take action.
    • Cc: for those who need to be informed but do not need to act.
    • Bcc: use only when necessary (e.g., bulk mailings).
    • Avoid sending emails to “everyone” unless essential.

  4. Check before sending
    • Review spelling and tone.
    • Confirm attachments (and whether they are updated).
    • Make sure “Reply All” is used only when appropriate.

  5. Be mindful of tone
    • Maintain professionalism and politeness.
    • Avoid irony or ambiguity (email does not convey tone of voice).
    • If emotions are high, avoid writing or sending emails “in the heat of the moment.”

  6. Protect security and privacy
    • Never share passwords or sensitive data by email.
    • Use attachments only when they are safe and necessary.
    • Be cautious with unexpected links, attachments, or urgent requests.
    • Follow cybersecurity best practices (e.g., using MFA, verifying senders).

  7. Use formatting sparingly
    • Avoid excessive colors or unprofessional fonts.
    • Use bold to highlight key points.
    • Use lists to organize information.

  8. Reduce noise and overload
    • Don’t use email for everything — sometimes Teams, a call, or a meeting is more effective.
    • Avoid sending emails outside working hours unless urgent.

  9. Manage your inbox
    • Use folders, labels, or rules to organize messages.
    • Archive or delete emails that are no longer needed.
    • Keep your inbox clean so you don’t miss important messages.

  10. Sensitive matters: extra caution
    • Avoid handling delicate discussions by email.
    • If written record is necessary, communicate carefully.
    • Never forward private information without permission.

🔎 1. Inbox Organization

      • Create thematic folders (e.g., Projects, Administration, Students, Finance).
      • Use categories or labels to quickly identify priorities or task types.
      • Keep the structure simple — too many folders become counterproductive.
      • Use Search Folders for quick access to categorized emails.

⚙️ 2. Automation with Rules

      • Set up rules to:
        • Automatically move messages into specific folders.
        • Flag important messages.
        • Manage recurring newsletters and notifications.
      • Automate sorting of emails from managers, teams, or partners.

🗂️ 3. Processing Methods (Flexible Inbox Zero)

      • It’s not mandatory to keep the inbox empty — the goal is to avoid accumulation.
      • For each received email, make a quick decision:
        • Reply (if it takes < 2 minutes)
        • Archive (if no action is required)
        • Delegate
        • Schedule (handle later)
        • Delete

4. Task Prioritization

      • Mark important messages with Follow‑up / Flags.
      • Convert messages into tasks in Outlook or Microsoft To Do.
      • Differentiate urgency from importance to avoid overload.

🧹 5. Regular Clean‑Up

      • Delete obsolete or unnecessary messages.
      • Enable or use Auto‑Archive policies in Outlook.
      • Regularly empty the Deleted Items folder.

🔎 6. Advanced Search

      • Use operators to find emails quickly:
        • from: sender
        • subject: keywords
        • has:attachment
        • is:unread
      • Create saved searches for frequent access.

🔔 7. Manage Notifications

      • Reduce notifications to minimize interruptions.
      • Keep alerts only for critical contacts or topics.

🔐 8. Account Separation

      • Keep institutional and personal email accounts separate.
      • Avoid mixing sensitive or private information in the institutional account.

📤 9. Avoid Using the Inbox as an Archive

      • The inbox should contain only pending messages.
      • Move completed items to organized folders or archives.

📎 10. Attachment Management

      • Save important attachments in OneDrive / SharePoint / Local Folder.
      • Whenever possible, share links instead of attachments to reduce space and maintain a single version.

🕑 11. Drafts and Scheduled Sends

      • Review the Drafts folder regularly.
      • Use Delayed Send for non‑urgent messages.

🧰 12. Useful Outlook Features

      • Focused Inbox to separate relevant content from notifications.
      • Sweep to organize recurring emails (newsletters, notifications).
      • MailTips to avoid mistakes (e.g., emailing large distribution lists accidentally).

Recommendations for Efficient and Secure Use of Institutional Email

Attachments are an essential part of academic and professional communication, but improper use can create security risks, storage issues, and collaboration difficulties. The following best practices help ensure effective, organized, and secure handling of attachments in an institutional context.

🔍 1. Verification Before Sending

      • Before sending any message with attachments:
        • Confirm that the attachment is actually included.
        • Check whether it is the correct file and corresponds to the final version.
        • If you make changes to the document, make sure you re‑attach the updated version.

📄 2. Use of Appropriate Formats

      • Use PDF for documents that do not require editing.
      • For editable files, use common formats such as .docx, .xlsx, .pptx.
      • Avoid outdated or poorly compatible formats.

🔗 3. Preference for Sharing Links Instead of Attachments

Choose to send a link whenever:

      • The file is large.
      • The document requires collaboration or editing by several people.
      • It is important to maintain a single updated version of the document.
      • Recommended platforms:
        • OneDrive
        • SharePoint
        • Teams

📦 4. File Size Optimization

      • Compress large images and documents.
      • Use .zip files when sending multiple items.
      • Avoid attaching files larger than 20–25 MB, as they may be blocked by email servers.

🔐 5. Protection and Privacy

When handling sensitive information:

      • Avoid attaching files containing personal data, financial information, contact lists, or internal documents without authorization.
      • Use shared links with controlled permissions (view/edit).
      • Encrypt sensitive documents or use password protection when appropriate.
      • Never send passwords via email — neither in the message body nor as attachments.

📁 6. Clear and Informative File Names

Use descriptive and organized file names:

      • Example: Report_Project_ISCTE_2026‑02‑23.pdf
      • Avoid generic names like “document1.pdf” or “final_final_v3.pptx”.
      • Do not use special characters that may cause errors in other systems.

⚠️ 7. Beware of Suspicious Attachments

    • Never open unexpected attachments, even if they appear to come from known contacts.
    • Be cautious with executable extensions such as .exe, .js, .bat, .scr.
    • In case of doubt or possible fraud, report it to the Iscte CSIRT: csirt@iscte-iul.pt

🗄️ 8. Storage Management

    • Avoid keeping large numbers of attachments in your inbox.
    • Store documents in OneDrive or institutional shared spaces.
    • Archive old emails that contain large attachments.

🧩 9. Final Review Before Sending

Quick checklist:

      • Is the attachment included?
      • Is it the correct version?
      • Is the format appropriate?
      • Does it contain sensitive data? If yes → use sharing or encryption.
      • Is it being sent to the correct recipients?
Recommendations for Organized, Efficient, and Secure Information Management
 
Proper archiving of attachments is essential for keeping the mailbox light, ensuring data security, and facilitating future access to important documents. These best practices are intended for the entire Iscte community.
 
🔍 1. Store attachments outside the mailbox
      • Your email inbox should not function as a storage location.
        Prefer using:
      • OneDrive — for individual-use documents.
      • SharePoint or Teams — for documents shared with teams or groups.
      • Institutional folders — when applicable.

Benefits:

      • Reduces the space used in your mailbox.
      • Keeps documents organized and easy to access.
      • Ensures automatic backup and greater security.

📂 2. Create a consistent folder structure

Organize your attachments logically from the start.

Suggested organization methods:

      • By project
      • By year or semester
      • By topic (e.g., Contracts, Images, Meetings)

Keeping the structure simple makes future search and access easier.

🧹 3. Avoid duplicates

      • Save only the final or most updated version of a document.
      • Delete duplicate or intermediate versions that are no longer needed.
      • If using multiple versions, label them clearly (e.g., v1, v2, final).

📝 4. Use clear file names

      • A good file name helps with organization and searchability.
      • Recommended format:
        Topic_Project_Date_Version.ext
        • Example:
          Report_ProjectX_2026‑02‑23_v2.pdf
          Avoid:
      • Generic names like doc1.pdf
      • Unclear abbreviations
      • Special characters that may cause errors

🏷️ 5. Use metadata when available

In platforms like SharePoint, you can add:

      • Categories
      • Tags
      • Project information
      • Document status or type

This greatly improves search and grouping capabilities.

🗑️ 6. Remove attachments from emails after archiving

After saving the attachment in an appropriate location:

      • Remove the attachment from the email (feature available in Outlook).
      • Archive or delete the original email to reduce mailbox size.

🔗 7. Save links instead of duplicate files

If the document already exists in an official shared location:

      • Save the link to the file instead of storing another copy.
      • This ensures you always access the most updated version.

🔐 8. Securely archive sensitive attachments

For confidential information:

      • Use folders with controlled permissions.
      • Avoid storing sensitive files in personal or unprotected locations.
      • Use encryption or password protection when necessary.

🔄 9. Ensure good backup practices

      • Avoid storing documents solely on your computer.
      • Prefer institutional cloud storage, which includes automatic backup.
      • Do not rely on external devices without redundant copies.

🔎 10. Review your archive periodically

A semiannual review is recommended to:

      • Delete obsolete documents.
      • Adjust naming and folder organization.
      • Reevaluate permissions and access.
 
How to Ensure Your Data Is Always Protected, Accessible, and Recoverable
 
Data loss can occur due to technical failures, human error, malware attacks, or simple accidents. A solid backup strategy is essential to protect information and ensure work continuity in any academic or professional context.
 
These recommendations apply to personal computers, mobile devices, and institutional storage systems.
 

1. Follow the 3–2–1 Backup Rule

The 3–2–1 rule is an international reference for ensuring redundancy and security:

      • 3 copies of each file (original + two copies)
      • 2 different types of storage (e.g., cloud and external drive)
      • 1 off‑site copy, ideally in institutional cloud storage

Example: Computer → OneDrive (institutional) → External drive or remote server.

2. Use Institutional Cloud Services

Within the Iscte environment, the cloud is the most suitable location for secure and collaborative storage.

      • Use OneDrive for individual documents.
      • Use SharePoint/Teams for team-based work.
      • Avoid storing critical information only on the local drive.
      • Benefit from synchronization, version control, and automatic recovery.

3. Perform Regular and Automatic Backups

      • Schedule daily or weekly automatic backups.
      • Avoid manual processes — they are easily forgotten.
      • On laptops, ensure power and internet connection during backup tasks.

4. Back Up Only What Is Essential

Include only relevant documents: reports, databases, projects, evidence.

Avoid:

      • Temporary files
      • Cache files
      • Installers

Avoid full operating system backups — they take up significant space and are rarely useful.

5. Test File Recovery Regularly

A backup is only effective if it can be restored.

      • Test file recovery regularly.
      • Verify the integrity of saved files and versions.
      • Ensure you know the restoration procedure in case of failure.

6. Take Advantage of File Versioning

OneDrive and SharePoint automatically maintain previous versions.

      • Useful for correcting mistakes or retrieving older versions.
      • Should be part of your backup strategy.

7. Protect Your Backups

Security is essential:

      • Encrypt external drives or backup folders.
      • Use MFA (multi‑factor authentication) on cloud accounts.
      • Store physical backup devices in secure locations.

8. Avoid Relying on a Single Device

External drives and USB sticks can fail.

      • Use more than one backup location.
      • Combine cloud storage with physical devices.
      • Alternate devices to ensure redundancy.

9. Renew Storage Devices

External drives typically have a lifespan of 3–5 years.

      • Replace aging or worn‑out units.
      • Keep records of acquisition dates and device condition.

10. Prevent Ransomware and Malware Risks

      • Never connect backup devices to potentially infected computers.
      • Keep the operating system and antivirus software updated.
      • In case of attack, use OneDrive or SharePoint version recovery.

11. Document Your Backup Plan

Define:

      • What is backed up
      • Where it is stored
      • How frequently backups occur

Keep the plan simple and accessible.
Ensure any team member can execute it in an emergency.

12. Follow Institutional Best Practices

      • Use approved institutional solutions (OneDrive, SharePoint, internal servers).
      • Avoid personal services (e.g., personal Google Drive, personal Dropbox) for Iscte data.
      • Ensure compliance with GDPR, especially when storing personal data.

7. Learn More...

8. User support

9. FAQ