Information – User account management changes – implemented 1 December 2022

01/12/2022 11:30:00 AM (GMT)

User accounts that are not pro-actively used or monitored present a security risk to the NHSmail platform. To enhance security, we have made some account management changes.

Both the ‘active’ AND ‘inactive’ periods for unused accounts have been reduced from 90 to 30 days.

At least one of the below activities must be completed every 30 days to keep an account active:

  • Logging into the NHSmail portal
  • Logging into an NHSmail shared tenant O365 application (e.g., Teams)
  • Use of O365 applications (e.g., Outlook with cached credentials)
  • Sending an email

New accounts – any accounts that have been set up but not accepted the Acceptable Use Policy (AUP) or set security questions will be moved to inactive within 30 days.

Please ensure that this change is communicated to your respective HR/IT teams to ensure local processes are updated in line with this change.

There is no change to shared or resource mailbox hygiene.

Further detail and guidance is available here – LA communication – 24 November 2022 – NHSmail Support

back to top