We are introducing some new controls to help us protect and secure nhs.net data. This article provides guidance to end users on what to expect when the new Security Baseline controls are introduced and what steps they may need to take.
This guidance includes:
- What Do I Need To Do?
- What Should I Expect?
- How Do I Check What Operating System I Have On My Mobile Device?
- What Happens If My Operating System Is Out Of Date?
- How Do I Install The Broker App?
- What Do I Need To Do With The Broker App?
- Will The Broker App Manage My Device?
- Why Do I Get Asked To “Activate Device Administrator”?
- Why Do I Get Asked To “Set a 4-Digit PIN”?
- Where Can I Get Further Help?
What Do I Need To Do?
You will be informed by your organisation when the new controls will roll out to you. Included below are the steps you should take before this date.
Step 1
To access core Microsoft apps for work (e.g., Outlook or Teams) on an iOS or Android device, you will need to ensure your mobile device meets the following criteria:
- Device Operating System (OS)
Please make sure your device operating system (OS) meets or exceeds the minimum OS required:
| Device | Minimum Operating System (OS) |
| iOS | 15.0 |
| Android | 9.0 |
If your operating system has not been updated to the version listed in the table (or a later version) then you will receive a warning that you must update your OS version. Access to your work apps may be blocked until you have updated your operating system.
- Jailbroken or Rooted Devices
You should never use a jailbroken or rooted device to access work data. A jailbroken or rooted device is one that has been modified by someone to remove manufacturer or operating system restrictions.
If your mobile device is jailbroken or rooted, then access to your work apps will be blocked and protected app data will be wiped from your device.
- Android Specific Settings
If you have an Android device, then there are two settings that must be active on your device. Access to work apps will be blocked if not. These are turned on by default, but if for any reason you have disabled them, please ensure they are active. These settings are:
- Play Integrity Verdict
- Threat Scan on Apps (Google Play Protect)
For any of the settings above, if you are using a corporate device, then you may need to work with your IT Team to make sure the device meets the criteria.
Step 2
To access work apps, you may also need to install an additional app on your device if you don’t have it installed already.
- For Android: This app is the Microsoft Intune Company Portal App which can be downloaded from the Google Play Store.
- For iOS: This app is the Microsoft Authenticator App which can be downloaded from the App Store.
What Should I Expect On and After the Rollout?
Once the new controls are rolled out:
- When you first sign into a core Microsoft work app (such as Teams or Outlook) you will receive a notification informing you that your organisation is now protecting data in work apps.
- For Android or iOS devices, if you haven’t already downloaded the Microsoft Intune Company Portal App (Android) or Microsoft Authenticator App (iOS) then you will receive a notification that you must do this to proceed. The prompts on your device screen will walk you through the simple steps.
- If your device does not meet the minimum criteria then a notification will pop up to inform you. You can then take action to correct this.
Your experience may vary slightly depending on what type of device you are using and whether your device is a personal device or a corporate device.
How Do I Check What OS I Have on my Mobile Device?
For iOS Mobile Devices
- Open your settings app
- Select ‘General’
- On the ‘General’ page, select ‘About’
- On the ‘About’ page, you can find this information under “Software Version”. Your operating system should be iOS 15.0 or later.
For Android Mobile Devices
-
- Open your settings app
- Select ‘About Phone’ or ‘About Device’
- On the ‘About Phone’ or ‘About Device’ page, you can find this information under ‘Android Version’ or ‘Software Information’. Your operating system should be 9.0 or later.
What Happens If My Operating System Is Out Of Date?
If your operating system does not meet the minimum OS when the controls are rolled out, you will not be able to access organisation data with your device. You will receive a notification to let you know that you must update your operating system.
How Do I Install The Broker App?
If you don’t have the broken app installed on your device already, you will need to install it. The process is very similar to downloading any other application on your phone.
For Android:
- Open the Google Play Store on your mobile device
- Search for ‘Intune Company Portal’
- Select ‘Install’
- Once installed, you do not need to open or sign into the app. You have now installed the Android broker app.
For iOS:
- Open the App Store on your mobile device
- Search for ‘Microsoft Authenticator App’
- Select ‘Install’
- Once installed, you do not need to open or sign into the app. You have now installed the iOS broker app.
What Do I Need To Do With The Broker App?
After you have installed the broker app on your mobile device, Microsoft Intune Company Portal App (Android) or Microsoft Authenticator App (iOS), you do not need to do anything further with the app. You do not need to log into the app for the new controls to work.
Will The Broker App Manage My Device?
When you install the broker app on your personal device it will not:
- Manage your device in any way
- Be able to view or access your personal documents or photos
- Provide any visibility into the device e.g., your organisation will not be able to see your WhatsApp or text messages, web browsing history, saved passwords etc.
On a personal device, the broker app is only required to sit in the background to allow the controls to apply and ensure that the criteria is met.
Why Do I Get Asked To “Activate Device Administrator”?
If you are using a personal (unmanaged) Android device, when you sign in to Outlook for the very first time using your nhs.net account, a notification may pop up requesting that you “Activate Device Administrator”.
This is an existing NHS policy on Outlook (unrelated to the new changes). If you get this pop up, simply click ‘Activate’ to continue.
Why Do I Get Asked To “Set a 4-Digit PIN”?
When you sign in to Outlook for the very first time using your nhs.net account, a notification may pop up requesting that you “Set a 4-Digit PIN”.
This is an existing NHS policy on Outlook (unrelated to the new changes). If you get this pop up, simply set a 4-digit PIN to continue.
Where Can I Get Further Help?
For additional support please contact your local IT Support Team.
| Last Reviewed Date | 22/08/2024 |
