If a mailbox is used for sending a high volume of emails, or needs to be linked with an application, or API, it must be converted into an ‘Application Account’. If a mailbox needs to be converted from a personal (user) mailbox into an Application Account, it must be appropriately named to indicate that it is being used for sending high volume of emails as part of a business process, for example: firstname.lastname@example.org
- Local Primary Administrator and Local Administrator roles have the appropriate permissions to update a user mailbox to an application account. Further information on finding and adding PLA/LAs can be found on the NHSmail support page – Finding-Your-Local-Administrator.
- If the user mailbox has Multi-Factor Authentication (MFA) enabled prior to the conversion to an application account, MFA will be disabled on the application account.
- Standard forensic process will apply to application accounts.
- The requirement for changing the account password is once a year and will require the following enhanced password criteria:
- At least 20 characters
- 1 upper case
- 1 lower case
- 1 number or symbol
- Must not be a breached password
- Must not contain your first and/or last names
- Must not be a common password
- Must not be the same as the previous four passwords
If you would like to find out more about NHSmail password policy, please refer to the NHSmail password policy.
|Last Reviewed Date||07/07/2023|