Information – NHSmail Intune New Functionality
31/08/2023 15:45:00 PM (GMT)
NHSmail Intune: The new functionality enabling Local Administrators (LAs) to create, view, edit, search, and update the membership of static mail-enabled and non-mail-enabled (only) security groups via the NHSmail Portal and is planned to be released by early September.
This does not extend to the management of the Automated ODS All Users security groups.
This announcement outlines the steps being taken to allow you to leverage the new capabilities for your static Intune security groups, as well as recommendations for creating static (mail/non-mail enabled groups) in the future.
What will happen to existing Intune static non-mail enabled and dynamic Security Groups?
The naming convention of your static and dynamic Intune Security Group(s) will be updated. For static groups, this means they will be visible via the NHSmail Portal UI for future management. For dynamic groups, this will not change anything about how these groups are created or managed.
The table below shows the naming format that will be applied, with the ODS code, identifier and Intune prefixed to your pre-existing chosen name, for example: “ODS.sg.Intune-NameCreatedByLA”. No action is required from you to prepare for this change. You will begin to see these changes from 01/09/2023.
| Security Group Type | Prefix* | Identifier* | Intune Identifier | Name | Email Domain* |
| Static Non-Mail Enabled | ODS Code | sg | Intune- | Name created by Local Administrator | N/A |
| Dynamic | ODS Code | dsg | Intune- | Name created by Intune Live Service Team | N/A |
* Automatically added by the Portal for Static Non-Mail Enabled.
How can I manage Intune security groups going forward?
Following the release of the NHSmail Portal functionality in early September 2023, Intune Admins will be able to leverage the NHSmail Portal for the creation of static security groups.
IMPORTANT NOTE: The creation of dynamic and device-based security groups will remain unchanged and will need to be requested when required.
All static non-mail-enabled security groups created by the Intune Group Management App will automatically appear in the NHSmail Portal with no manual naming convention steps required.
Any new static non-mail-enabled security groups created via the NHSmail Portal for Intune purposes will be required to use a specific naming convention shown via the table below:
| Security Group Type | Prefix* | Identifier* | Intune Identifier | Name | Email Domain* |
| Static Non-Mail Enabled | ODS Code | sg | Intune- | Name created by Local Administrator | N/A |
* Automatically added by the Portal for Static Non-Mail Enabled.
The owning ODS code and security group identifier (sg) will automatically be added. Meaning LAs intending a group to be used for Intune must start with (Intune-) followed by a chosen name, as shown in bold:
- Non-Mail-Enabled: ODS.sg.Intune-NameCreatedByLA
IMPORTANT NOTE: Security groups created within the NHSmail Portal without the Intune prefix will not appear in the Intune Group Management App. Static mail-enabled groups created within the NHSmail Portal will not appear in the Intune Group Management App.
We recommend adopting the new Portal functionality for the creation and management of static security groups moving forward given the richness in features and administrative control.
What do I need to do?
There are no pre-requisite actions or changes required ahead of this release. This communication is for informational purposes only. Please access the security group capabilities via the NHSmail Portal to search for your groups when available.
Where can I get support?
A range of guidance materials surrounding the new security group capabilities will be available on the NHSmail Support Site, including updated Intune guidance around the creation of the various types of security groups, processes, and ongoing management.
