Dickson Release – Content Summary
The NHSmail Portal release is named in honour of Jo Dickson, the former CNIO of NHS Digital. This recognition is for her role as a founding leader in digital nursing and her incredible passion for delivering high quality and safe digital services.
Please find below a summary of the main content of the Dickson release which was deployed on the 2 March 2023. To view the full release notes for this release please see the PDF file at the end of this summary.
Portal Projects Functionality
- 63015- VN137 – Create a portal API to disable MFA (Multi-Factor Authentication) when Conditional Access (CA) is enabled
As part of this PBI, if a user is within a Conditional Access group that either disables MFA or applies MFA via a conditional access setting this will take precedence over MFA settings enabled via the Portal UI until the user is removed from the Conditional Access group.
Please note that Conditional Access is part of the future development plan for the NHSmail platform, and this field will only return results when Conditional Access has been fully released on the platform in 2023.
BAU Functionality – Product Backlog Items
- 47507- Update Guest Inviter role and workflow within Portal
As part of this PBI, the “Invite Guest Users” role is updated to only be able to view the requests associated to the Organisation in which the user has Invite Guest Users roles access as mentioned below:
- When a user has a Global Admin and (B2B Approver & Invite Guest Users) role the admin will have the ability to perform the following actions:
View/Add/Re-Invite/Restore/Delete for all guest users across the platform.
- When a user is a Local Admin of Organisation A and (B2B Approver & Invite Guest Users) of Organisation B they will have the ability to perform the following actions for Organisation B only:
View/Add/Re-Invite/Restore/Delete for all guest users under Organisation B.
- When user has B2B Approver & Invite Guest Users role at Organisation A they will have the ability to perform the following actions for Organisation A only:
View/Add/Re-Invite/Restore/Delete for all guest users under Organisation A.
- 67686- B2B Approver & Invite Guest Users Roles Permissions Update
As part of this PBI, B2B Approver & Invite Guest Users roles have been updated to only be able to view the requests associated to the Organisation in which the user has B2B Approver & Invite Guest Users access to. This feature change is focusing on the B2B admin section, alongside the B2B “My Approvals” requests.
- When a user has B2B Approver & Invite Guest Users roles at Organisation A, they will only be able to view “External Organisations” and “External Federated Groups” associated with Organisation A
- When a user has B2B Approver & Invite Guest Users roles at Organisation A, they will be able to view the B2B related approval requests associated with Organisation A via the “My Approvals” page.
- 59614- New MFA Status Report – to include MFA Status & Compromised Account related details
This PBI implements a new admin report called ‘MFA Status Report’ which is presented under Reports tab within NHSmail Portal.
This report will provide the following information related to a users’s MFA status on the NHSmail platform:
- MFA status
- MFA authentication type
- Compromised account status for each user
- Details of when an account was last marked as compromised and last remediated
- Who marked the account as compromised
- Who remediated the account
- Cumulative tally showing how many times an account has been marked as compromised
Please note: the compromised and remediated data will only be present if a user has previously been marked as compromised or remediated.
- 68768- New MFA Status values
As part of this PBI, new MFA status values have been introduced to show how MFA has been added or removed from a user account. The following status cover all current scenarios for how MFA can be applied or removed on the platform:
- User Enabled – when a user enables MFA via self enrolment
- User Disabled– when a user disables MFA via self enrolment
- Admin Enabled – when a Local or Primary LocalAdmin enables MFA via User Management
- Admin Disabled – when a Local or Primary Local Admin disables MFA via User Management
- MFA Enforced ATP Group – MFA added to the user when an ATP role is added to their account.
- MFA Disabled ATP Group – MFA removed from the user when an ATP role is removed from their account.
- MFA Enforced Admin Role – applied when a user has an admin role assigned (Local Admin, Primary Local Admin)
- MFA Disabled Admin Role – applied when a user has an admin role removed (Local Admin, Primary Local Admin)
- MFA Enforced Compromised– applied when a user’s account has been marked as compromised.The new status values will also be reflected in the new MFA status report.
- 70222- Marked as Compromised (MAC) Email Notification Logic – PLAs/LAs at Parent Organisations
As per this PBI, if a user has been marked as compromised and the associated organisation does not have any users with Local Admin or Primary Local Admin roles, the notification email will be sent to the Local Admin or Primary Local Admin of the associated parent organisation.
If the associated parent organisation does not have any users with Local Admin or Primary Local Admin roles, the notification email will be sent to the Local Admin or Primary Local Admin of the associated grandparent organisation.
- 70928- Updating Marked as Compromised Email Notification
The email template content has been updated for the “Mark As Compromised” workflow which Local Admins and Primary Local Admins receive when a user under their associated organisation has been Marked As Compromised by either a Global Admin or Global Helpdesk user.
- 56119- Add dial-out capacity per User Policy
As part of this PBI, we have introduced the dial-out functionality as part of the Dial-in Add-on licence. The dial-out capability will give users the ability to dial-out internationally from Microsoft Teams. By default, all User Policies with a dial-in add-on licence will be set to dial-out national as per Microsoft’s default setting.
- 56210- Add dial-out capability for an organisation
This PBI will introduce the capability of switching the dial-out international toggle ON for all User Policies with a dial-in add-on licence under your Organisation. This setting will be available on your organisation settings page. By default, the international toggle will be switched OFF.
- 66372- Dial-Out Capability – Addition of ability to dial out nationally (Policy & Org Level)
As per this PBI, this is in addition to the dial-out changes which have been developed under 56119 and 56210. This PBI focuses on the user interface tooltip changes as well as the toggle functionality between the relationship of dial-in and dial-out.
- If dial-in is switched OFF within the user policy, neither the dial-out nationally nor internationally will be able to be toggled ON.
- If dial-in is switched ON, dial-out nationally will be switched ON by default with dial-out internally switched OFF.
- If dial-in is switched ON and dial-out internationally is switched ON the dial-out nationally will also be switched ON as this is a default capability.
- 58913- My Approval Requests page refactoring
The development of this PBI is to improve the performance of the “My Approvals” page under the admin tab. This page will automatically load 0 results, but the following guidance will be presented in order to refine the results further:
“Please enter a search criteria to see results”.
If the request returns more than 500 results, a blue banner will appear stating the following:
“Only the 500 most relevant results have been returned for your search. Please refine your search to return less than 500 results to see them all.”
Users will need to input additional search criteria to refine the results further.
- 59615- MFA – Add banner to User Details pages for user accounts that are marked as Compromised
This PBI adds a new blue information banner at the top of the User Details page for a compromised account:
“This account has been marked as compromised. Please proceed with caution”.
Once a user account is remediated, the blue information banner will be removed.
- 61001- My Profile Page – Update Support Site Link
This PBI updates a hyperlink for “here” (within the textbox below the “Self-enrol for Azure MFA” button), on the Self-Service tab of “My Profile” page.
- 66770- Update to Tooltips for Auto-Expanding Archive Feature (User Management & Organisation Level)
This PBI is to update the text tooltip displayed for the auto-expanding archive feature both at a User Detail level and Organisation level.
- 69169- Update Portal Carousel to include ‘NHS Care Identity (Smartcard) Sign in’ Slide as fifth slide
As part of this PBI, a new slide has been added to include the following: “’NHS Care Identity (Smartcard) Sign”. This item on the carousel will be presented in the 5th slide.
- 70782- Update Portal Carousel to include ‘NHSmail account – use it or lose it’ Slide as first slide
As part of this PBI, a new slide added has been added to include the following: “NHSmail account – use it or lose it”. This item on the carousel will be presented in the 7th slide.
BAU Functionality – Bug Fixes
- 71975- CSV Bulk Update Accounts Failing – Password Validation
This bug fix will the remove the need for password validation within the CSV upload functionality when updates to other field properties are included within the CSV updates.
For example, if a user attempted to update the JobTitle property with a value which didn’t match the NHSmail Portal criteria, the validation of the file would return a validation error against the wrong CSV column.
- 49230- PODS – If a user attempts to register a care provider site that is already registered for NHSmail, error message should be displayed
After the bug fix, when a care provider site has already registered for NHSmail, then an error message will be displayed if a user attempts to register with the same postcode as an existing one. This error will notify end users that the care provider is already registered.
- 52221- Sponsor 2 receives the ‘Action required – Azure B2B Request has been raised’ email separately for external organisation access requests
This bug fix is focused on when an External Organisation Access request is raised having and has both a Primary and a Secondary sponsor listed. The request notification will include both sponsors in the CC field rather than sending separate emails to each.
- 59894- Static DL’s remain in pending once approved if they encounter any error during the approval
This bug fix has been resolved for situations where static distribution lists remain in a pending status after an admin approves the static distribution list changes performed by an owner. This fix will no longer see distribution lists remaining in a pending state after an approval or rejection operation.
To view the full release note please refer to the PDF file.