Archived LA webinar session recordings

Application Account Conversion – new process
The recent Franklin-Jones release gave all Local Admins the ability to convert application accounts directly without the need for a HSS request. 

Please be aware that user accounts which belong to actual individuals should not be converted to application accounts. The NHSmail team will be doing regular checks on recently converted accounts to ensure that no accounts belonging to individual users have been converted in error. 

Example: 

john.doe@nhs.net should not be converted to an application account as this account belongs an individual and a new generically named account needs to be created to then be converted 

Delayed Email Delivery Issue – 18 July 2023  (INC37076937 – Delayed eMail Delivery – RESOLVED – NHSmail Support) 

Email delivery delay issue potentially triggered by two Microsoft service degradations: 

• https://support.nhs.net/2023/07/microsoft-365-alert-service-degradation-exchange-online-users-inbound-and-outbound-email-delivery-may-be-delayed-for-15-minutes-or-longer-in-exchange-online/ 
• https://support.nhs.net/2023/07/microsoft-365-alert-service-degradation-exchange-online-some-users-may-be-unable-to-send-exchange-online-email-messages/ 

Emails continued to be delivered throughout the incident, however, some users may have experienced delays in emails being received in the recipient’s mailbox.  

Detailed overview of incident and remediation provided by Accenture. 

GP Phone System Retirement (Information – GP Phone System Retirement – NHSmail Support)
As highlighted by the Digital Primary Care team in May, the central provision and availability for Teams Phone System for GPs to use for outbound called will cease on 31 July 2023 at the end of the grace period. 

From this point onwards, users at impacted organisations will be unable to make outbound calls to external PTSN numbers via the Teams client. This will not impact any organisations who have purchased and are using their own Teams Phone System licences. 

Please note that any NHSmail User Policies that were created as part of the central service roll out will be renamed to remove the Phone System suffix from the naming convention. After 31 July, LAs will then be able to edit or re-name these policies as required. 

O365 Updates – Ideas Welcome 

https://forms.office.com/e/LiBTKC8pcF 

You’ll all be familiar with the central O365 updates that appear in Teams to keep you all in the loop. We’re keen to source ideas for these updates from the LA community – if there are any specific topics you’d like 

REMINDER: SMTP on user accounts
Quick reminder that SMTP should not be enabled on standard user accounts. If you have an account which requires SMTP to be enabled, this needs to be converted to an application account prior to SMTP being enabled. 

SMTP on standard user accounts is being removed as part of a standard BAU background process and we recommend that LAs check their mailbox reports regularly to capture and proactively remediate any standard user accounts that have had SMTP enable in error.  

FastTrack Overview – Danish Mahmood 

• General Updates
• Live demo of the released Self-Service Password Reset
• Bring Your Own Device security controls and deep dive webinar reminder
• An update on converting user accounts to shared mailboxes
• O365 Company Communicator updates from Centre of Excellence Team
• Q&A time

•  This week LA bulletin covered developments on the new user account secret questions 

• Intune and MFA updates. In terms of numbers, there are 5k Intune devices enrolled and 180k accounts with MFA enabled. 

• The Franklin Jones release on Wednesday 5 July will give the ability for LA/PLA to convert user mailboxes to Application account – NHSmail Support 

• SMTP on user accounts will be withdrawn from user accounts on a regular basis; it is critical that this protocol is not re-added. 

• Discussion about Otter. Ai and similar tooling, local governance as to whether it should be used or not. 
• PODS team general update 
• Updates were done by the Technical Architects team 

• Update on the Microsoft contract and the participation agreement 

All User Comms – NHSmail Annual Survey 

Many of you will have already spotted, an all user comms was sent out yesterday to thank everyone for their participation in the NHSmail Annual Survey and share the key scores on the door with everyone.

Myself and the wider Service Management team would also like to pass on our personal thanks to everyone who took part. We appreciate you taking time out of your hectic schedules to do so and for continuing to collaborate with us year-round to continually improve the service. 

Infrastructure Upgrade 23-25 June
Information – Planned Infrastructure Upgrade (NHSmail Datacentre) – First Notice – NHSmail Support 

We will be completing an infrastructure upgrade next week starting at 7:00pm on Friday 23 June and completing on 25 June. During this period, all traffic will be actively routed via the active data centre to ensure there is no impact on end users. 

Any organisations that are using direct IP addresses rather than DNS to access the email gateways may potentially lose service during the upgrade and if you believe that this affects your organisation, we recommend using our standard DNS settings to prevent any loss of service. Guidance regarding the relay config – https://support.nhs.net/knowledge-base/relay-configuration/ 

Where switching to the standard DNS settings is not possible or you perceive that there could potentially be significant user impact resulting in a clinical risk, we would encourage you to contact the Helpdesk for further guidance.

We expect there to be no service impacts as mentioned earlier, but as ever I’d encourage you to review your service continuity plans. 

Trend/Junk Issue
INC36247960 – Legitimate Mail Being Directed to Junk Folder – RESOLVED – NHSmail Support 

This audience will also be aware of the issue we had last week around legitimately emails being falsely flagged as Junk mail and move to Junk Mail in error.

This issue has now been fully resolved and the Accenture team continue to work closely with our third-party security provider on this and any wider improvements that are required to prevent a recurrence. 

Pronouns Option in Teams 

As it is Pride Month this month, I am delighted to announce that the option to add your Pronouns to your profile in Teams will be available in the NHSmail tenant from the middle of next week. 

Adding your Pronouns to your Teams profile card will be entirely optional. However, I would like to encourage as many of you to do so as possible as it is a quite uncomplicated way that you can show your support for your LGBT colleagues across health & social care all year round. 

REMINDER: Public vs Private 

Reminder that in most cases Teams, SharePoint and Stream content should be set to Private rather than Public or visible to Everyone in my organisation. If content is set to be accessible by Everyone in my organisation, this will make the content viewable by every user on the NHSmail shared tenant which is unlikely to be appropriate in most cases.

As you will all be aware, we have the privacy notifications in place that are triggered when any Teams, SharePoint or Streams content is change from the default Private setting to Public and notifies both LAs and the content owners. However, we are still seeing quite a lot of the content that is being set to Public and then left as Public. It is the responsibility of LAs and content owners to review and act on any privacy notifications received.

To try and help organisations with this we will be sending out some additional comms in the near future to give organisations a better picture of their numbers in this space.

Current guidance: Private vs. public settings in O365 – NHSmail Support
Privacy monitoring: O365 Privacy Monitoring – NHSmail Support

 REMINDER: SMTP on user accounts 

Another quick reminder that SMTP should not be enabled on standard user accounts. If you have an account which requires SMTP to be enabled, this needs to be converted to an application account prior to SMTP being enabled.  

Accessibility Testing Volunteers – Portal Refresh – Last Chance! 

We still have a few places left for Accessibility testers for the Portal refresh project, but they are filling up quickly.

If anyone on this call would be interested in taking part in this, please contact Hafsa (hafsa.hersi1@nhs.net) directly to register. 

VN162 User Secret – New Users – presentation (see recording for full details) 

Findlay Release – 22 May 2023 – Findlay Release – Content Summary – NHSmail Support
The Findlay release was successfully deployed on Monday 22 May. This release was largely aimed at completing further preparatory work ahead of the platform-wide MFA changes that will start rolling out from July.

Couple of key items to note include:

• A bug fix to improve the MFA reporting in relation to the Authentication Type information that is present in the current report.
• A new onboarding flow for the M365 E5 licence to enabled organisations to onboard this licence type.
• Improvements to the telephone field to allow extension numbers to be added.

Basic Auth Deprecation

Thank you to all LAs for the work they have put in to prepare their organisations for the basic auth deprecation and remediate affected accounts as needed.

Portal Issue – LA functions
Details of the issue whereby an error message was being throw when LAs trying to undertake certain LA functions on 23 May.

INC35997807 – Portal Local Administrator Functions – RESOLVED – NHSmail Support

Relay issue – Delayed delivery –

Details of the email delivery delay issue also identified on 23 May impacting various external and internal domains.

INC36002954 – Delayed Email Delivery – RESOLVED – NHSmail Support

Public vs Private
Reminder that in the majority of cases Teams, SharePoint and Stream content should be set to Private rather than Public or visible to Everyone in my organisation. If content is set to be accessible by Everyone in my organisation, this will make the content viewable by every user on the NHSmail shared tenant which is unlikely to be appropriate in most cases.

As you will all be aware, we have the privacy notifications in place that are triggered when any Teams, SharePoint or Streams content is change from the default Private setting to Public and notifies both LAs and the content owners. However, we’re still seeing quite a lot of the content that is being set to Public and then left as Public. It is the responsibility of LAs and content owners to review and act on any privacy notifications received.

To try and help organisations with this we will be sending out some additional comms in the near future to give organisations a better picture of their numbers in this space.

• NHSmail Roadmap – NHSmail Support has been published with addition of Microsoft Defender for Endpoint slides
• Overview of the new elements of licence agreement for example: audio conferencing.
• Basic Authentication Deprecation – NHSmail Support progress update
• Conditional Access for the MFA progress update
• Accenture Team update

General updates:

• Basic Authentication presentation covers how users can register their applications to use OAuth 2.0; how users can configure their applications depends on the software they are using.
• Brief Service management updates: Multi-factor Authentication abroad update,
• A reminder that the Teams Rooms Licencing expiration date is July 1^st
• A reminder about the GP telephony deadline expired on 30 April 2023 and is now following a 30-day grace period
• Bulletins and communications – NHSmail Support – latest bulletin can be found here
• Latest LA bulletin is available on NHSmail support pages

Technical Architects updates:

• Roadmap now includes MDE changes and updated application approved/rejected
• Basic Auth deprecation updates for EAS/RPC
• GP Phone System decommissioning
• Security Groups work has begun; delivery is planned in 3-4 months.
• Self Service Password Reset – status – work in progress

Other information:

We will establish a page for events that are taking on in the NHSmail team. Various Deep Dive sessions are available on the NHSmail support pages and are listed below.

• Intune,
• Phone System Deep Dive
• Conditional Access Deep Dive for Bring Your Own Device
• Planning TanSync Deep Dive for June/July

Infrastructure Upgrade 21-23 April

Information – Planned Infrastructure Upgrade (NHSmail Datacentre) – Postponed – NHSmail Support

Updated note: this upgrade has since been postponed and new notifications will be added to the Announcements section of the NHSmail support site closer to the new dates.

Guidance regarding the relay config – https://support.nhs.net/knowledge-base/relay-configuration/

VN121B Release – 13 April 2023

The VN121B release was successfully deliver last week.

This release included a fix for the Multifactor Authentication (MFA) disablement bug mentioned on the previous session and after a period of monitoring post-release we can confirm that fix included in the release has resolved this issue.

The release also included a fix for the MFA status report issue we saw around the report timing out and not running for organisations. We have also been monitoring this since the release last week and can confirm that the timeout issue is resolved. We are aware that there are one or two tickets from organisations about this report, but these do not appear to be related to the timeout issue that the release fix was targeting and are being picked up separately

Portal Issue / Microsoft Global (SMB) Issue / Email Send Issue
We’ve had 3 key issues this week affecting the service, all of which are now fully resolved.

Further details on each can be found on the announcement links below:

• Portal Slowness:INC35358395 – Portal Slowness – RESOLVED – NHSmail Support
• Microsoft Global Issue (NHSmail impacts):
  INC35398047 – Shared Mailbox Access Issue – RESOLVED – NHSmail Support
• Intermittent email send issue to Microsoft email addresses:
  7016347354 – Issues Sending Mail to Microsoft Email Addresses – RESOLVED – NHSmail Support

Public vs Private

Reminder that in the majority of cases Teams, SharePoint and Stream content should be set to Private rather than Public or visible to Everyone in my organisation.

Current guidance: Private vs. public settings in O365 – NHSmail Support
Privacy monitoring: O365 Privacy Monitoring – NHSmail Support

MFA Update
Update: the NHSmail MFA policy has now been published: NHSmail MFA Policy – NHSmail Support

Next webinar – Basic Auth demo – 5 May 2023

We will also have a demo on the next webinar around the basic auth process that will cover the use of both in-house and third-party applications that need to register with Azure Active Directory ahead of the basic auth deprecation deadline in June

Infrastructure Upgrade (Hemel) 14 April – 15 April –

Information – Planned Infrastructure Upgrade (Hemel Datacentre) – First Notice – NHSmail Support
Work will begin at 19:00 on the Friday and similar to the recent Slough upgrade, there will be 3 notices to raise awareness on the support site beginning from Tuesday 11 April.

During the change window, all traffic will be re-routed to the active data centre to ensure there is zero-impact on NHSmail users.

Please note that any remote organisations that use direct IP addresses rather than DNS to access the email gateways my potentially lose service during the upgrade activity. If you believe that your organisation is using direct IPs for any system config, we would strongly advice that these are changed to use our standard DNS settings to prevent any loss of service. The following guidance shows how this change can be made: https://support.nhs.net/knowledge-base/relay-configuration/

If changing to use DNS is not possible and significant end user impact that could potentially result in clinical risk during the change window is identified, please contact the Helpdesk for further guidance.

Whilst we expect there to be zero impact to end user, we would advise that you ensure that your service continuity plans are reviewed in advance.

High-Send Solution Issue (30 March) – INC35069133 – High Send Authentication Errors – Monitoring – NHSmail Support
This issue is fully resolved and the high-send solution is operating as normal. Full details of the incident can be found on the Announcements page.

Portal Slowness Issue (4 April) – INC35148773 – Portal Slowness – RESOLVED – NHSmail Support
Intermittent Portal slowness issue affecting the User Management section. This appears to have been a transient issue and no further impacts have been seen since.

MFA issue
Issue identified whereby a small number of platform uses have had MFA disabled as the result of a bug. An interim solution is now in place that will run every 30 minutes during the working day to reapply MFA to any users who have been affected by this.

Please note that this only impact users who fit a specific set of criteria and have also had MFA enabled via either their LA or self-enrol. Users with role-based MFA or who have had MFA enforced by the compromised account process remain unaffected.

A high priority permanent fix is under development and will be released as soon as possible.

Telephony Deep Dive – Reminder
Reminder that the Telephony Deep Dive session will take place on 17 April.

Form to register interest – https://forms.office.com/Pages/ResponsePage.aspx?id=slTDN7CF9UeyIge0jXdO48nRfTTqG_pEn5qR_xNEMv5UQlhPRFpWQ1lFWTBNMzdGUDExMlA0UTlNRSQlQCN0PWcu

Basic Authentication Deprecation
Update provided by David Middleton

SSPR demo

Overview provided by Hector from the Accenture team.

TA Update

Reminder that the legacy alluser groups will be removed later in the year. Organisations should review all uses of these groups to ensure that the new version is being used.

Platform-wide MFA
Update provided by Jess Davenport.

Technical Update:

• Basic Authentication Depreciation reminder about upcoming changes
• Phone system launch and deep dive webinar planned for 17 April 2pm-3.30pm.

Centre of Excellence:

An overview of the NHSmail Solution Store – an app that aims to encourage collaboration and share best practice

Multi-factor Authentication (MFA):

INC34945419 – Multifactor Authentication (MFA) Prompt – RESOLVED – NHSmail Support

It has been confirmed that the issue has been caused by a recent update applied to a section of Microsoft infrastructure responsible for regulating user geo-location.

MFA report – looking to fix in early April and will exclude deleted permanent accounts

Angela Goody from NHS HERTFORDSHIRE AND WEST ESSEX ICB – produced a video on XLOOKUP, this demo is for the MFA report and mailbox report and how best to utilise them both – Thank you very much for your support.

The next LA webinar will be held on Thursday 6 April and will include an overview of the new Self Service Password Service.

Technical updates:

The dates for the retirement of the EAS and RPC, EWS, POP, IMAP, and RPS protocols and the implementation of Basic Authentication have changed.

Please refer to the Basic Authentication Deprecation guide on the NHSmail support sites if you’re interested in learning more about the implications for your organisation.

Telephony update

INC34485546 – Scan to E-mail Delivery Delay – CLOSED

After mail delays and discussions with our third-party supplier, we changed the configuration of Relay to improve peak processing stability and efficiency. These modifications have eliminated mail delays. We appreciate your patience and apologise for the inconvenience.

Fast track availability reminder:

Until June 30, 2023, the NHS will be able to take advantage of the Fast Track tool for migrating personal and shared data to OneDrive for Business and SharePoint Online. Please see NHSmail FastTrack File Share Migrations | Requirements – NHSmail Support for further information regarding this service.

Centre of Excellence:

Update on Power Platform Data Lost Prevention Policy changes which can be found on NHSmail support pages Power Platform Guidance – NHSmail Support

New features and improvements for the Asset Booking Tool implementation process are on the horizon. Information on how to do this can be found on the NHSmail support sites dedicated to the Desk Booking App.

Multi-factor Authentication (MFA) update:

An up-to-date explanation of the issues affecting the MFA report and the proposed iterative approach to fixing them by combining the data from the Mailbox Report and the MFA report is now available. For more info, check out NHSmail Support Pages about – MFA Status Report

To further ensure the satisfaction of LA Webinar attendees, MFA will be added as a regular agenda topic.

Other information:

NHSmail all user survey: Please thank everyone who helped spread the word; we got almost 58,000 answers; this is fantastic!

On March 21, 2023, we will be disabling Yammer’s public Storylines to reduce spam communications.

Service Updates:

Portal Access issue – 20 February – Resolved

INC34412483 – Portal Intermittently Inaccessible – RESOLVED – NHSmail Support

Intermittent Portal access issue occurred on Monday 20 February causing an error when users attempted to log in.

MS Bookings issue – 14 February – Resolved

INC34265287 – MS Bookings Admin Functions – RESOLVED – NHSmail Support

Issue with MS Bookings preventing users from adding or amending Bookings calendars within the NHSmail Portal.

Release updates:

Dickson release delivered on Thursday 2 March – Dickson Release – Content Summary – NHSmail Support

Key items:

• PnP update – functionality returned to the platform for use by LAs.
• My Approvals performance update – 58913
• Guest Inviter view update – 47507
• MAC email notification updates – 70222 / 70928

The service will be moving to a new release cadence post-Dickson that will see smaller releases being delivered on a shorter cycle to ensure we get new features out onto the platform sooner.

Service Reminders:

Old NHSmail Power Platform default environment decommissioning

Reminder that the old NHSmail Power Platform default environment has now been decommissioned in full.

Information – Power Platform Old Default Environment Decommissioning – NHSmail Support

NHSmail access from outside the UK

Also a reminder for anyone who wasn’t able to make the last webinar, that we have recently made changes to NHSmail access from outside the UK and recommend that organisations ensure that MFA has been enabled on accounts prior to users leaving the UK if NHSmail access is going to be required.

Information – NHSmail users working outside of the United Kingdom (UK) – NHSmail Support

NHSmail annual survey reminder

Final reminder from me that the NHSmail annual survey is now live for responses and will be open until Friday 10 March.

We’d like to encourage as many people to respond as possible as the more feedback we get from yourselves, the more we can improve the service to meet your needs.

https://survey.nhs.net/nhsmail-user-survey-2023/

Other Key Updates:

• MFA Update – platform-wide enforcement announced.
• REMINDER: BYOD Technical Deep Dive session (28 February) – Bring Your Own Device Security Controls | Overview and Deep Dive Webinar – NHSmail Support

Telephony capability overview

• Delivery delay issues  

Two issues with delayed delivery of emails either to or from external domains this week

The first issue occurred on Monday and only had intermittent impacts which were very minor. The issue was resolved quickly, and the queues completely cleared by close of play on the same day. 

Further information here: INC34183362 – NHSmail Delivery Delay – RESOLVED – NHSmail Support 

• The second issue occurred on Thursday and further details can be found here: INC34243035 – Mail Delivery Delay – RESOLVED – NHSmail Support 

• Old NHSmail Power Platform default environment decommissioning
  Information – Power Platform Old Default Environment Decommissioning – NHSmail SupportUpdate regarding the old NHSmail Power Platform environment which will be decommissioned from this week.This should have minimal to no impact on organisations as the new default environment with updated data residency in the UK has been in place since September 2022. Any specific PowerApp users who will be affected have been contacted via target comms over the last few weeks with details of any actions required. 

•  NHSmail access from outside the UK
  Information – NHSmail users working outside of the United Kingdom (UK) – NHSmail SupportPlease be aware that a change was implemented on Friday evening (10 February) that will require any users attempting to access the service from outside the UK to have MFA enabled on their accounts. 

• NHSmail annual survey – will go out this week for users to respond to.  

• Chatbot walkthrough & demo – Accenture team 

• Deskbooking App walkthrough – Centre of Excellence team

• Teams Delete Status Portal issue – resolved

On Tuesday of this week, we had a recurrence of Teams showing as deleted in the NHSmail portal, which has now been resolved.

Please take into account that the problem on Tuesday was only cosmetic, and there was no loss of Teams or Teams data at any point.

Full details – INC33938944 – Teams Group Status – UNDER MONITORING – NHSmail Support

• Microsoft O365 issue – resolved

Those on this call will also be aware that there was a global Microsoft issue this week that may have impacted your users’ access to O365 services.

This incident has been fully resolved and details can be reviewed on the support site:

Microsoft 365 Alert – Service Degradation – Microsoft 365 suite – Users may be unable to access multiple Microsoft 365 services – RESOLVED – NHSmail Support

• Portal slowness issue – resolved

On Wednesday morning, we experienced a brief intermittent issue that caused Portal slowness for some users.

This was quickly resolved with little disruption to the service.

Full information can be found on the Announcements page – INC33981101 – Portal Slowness – RESOLVED – NHSmail Support

• Multi-Factor Authentication (MFA) Number Matching

We enabled number matching for all users of the Microsoft Authenticator app on Thursday evening (25 January 2023).

This is to ensure the change is managed closely, prior to the enforced change by Microsoft starting 27 February 2023.

Number matching is a key security upgrade to traditional second factor notifications in Microsoft Authenticator.

When a user responds to an MFA push notification using the Authenticator app, they will be presented with a number. They need to type that number into the app to complete the approval.

We expect this change to have no negative impacts for users and any issues should be reported to the Helpdesk.

We have also updated our current guidance to reflect the new number matching capability and the guidance can be found here:

Getting Started with MFA – NHSmail Support

• NHSmail access from outside the United Kingdom (UK)

We would also recommend that MFA is applied to the accounts of any users who may have a valid need to access their NHSmail from outside the UK as permitted by your organisation’s own local policies before they leave the country.

We do not recommend that users access their account via non-corporate VPNs when outside of the UK as there is a risk that their access will be blocked.

In the near future, we will be enforcing MFA on any connections to the service made from outside the UK. Where MFA is not in place, the user will be unable to access their account or any other NHSmail services.

More details regarding timelines for when this will be enforced will be added to the Announcement page of the support site shortly.

• Accessibility: Teams Live Captions

Please note that function to turn on/off Live Captions in Teams has moved and now sits under Language & Speech within the extended settings menu.

• NHSmail survey

The NHSmail survey is due to go out in early February.

General update:

• All user survey – the questionnaire will be released shortly
• Accessibility: Sign Language View – available now in Microsoft Teams
• Information Governance – update on number matching on the authenticator app

Technical update:

• New roadmap published: NHSmail Roadmap – NHSmail Support
• MFA, which will shortly be implemented, is necessary for access from outside the UK.Planning to change the default behaviour for new accounts to require MFA by default, and you will need to delete it if doing so puts your organisation at clinical risk
• The projects for conditional access and the phone system have begun and are scheduled to be completed in the first quarter of 2023. Thank you to everyone who responded to the deep dive survey, and please feel free to join the deep dive sessions as soon as they are announced.
• Legacy Security group housekeeping – allusers moving to allusersgroup.
• MMA – Microsoft management agent – deprecation in MDE
• Azure will no longer accept connections from older versions of the Windows Log Analytics agent, also known as MMA that uses an older method for certificate handling. The affected versions are Windows 7 SP1, Windows 8.1, Windows Server 2008 R2 and Windows Server 2012 R2/2016. The new minimum supported MMA version is 10.20.18053.0 Expected: February 2023
• Office 2013 will reach end of Extended Support on April 11, 2023. MC482560 | December 10 – This is a reminder to post (MC357842, April 2022): Office 2013 end of support: Reduce your exposure to security risks by moving to a newer version of Office. Office 2013 will reach the end of Extended Support on April 11, 2023. This means Office 2013 will no longer receive security updates, bug fixes, technical support, or online technical content support after April 11, 2023.
• Additional guidance in CVE-2022-41099 for devices with WinRE. Devices with Windows Recovery Environment (WinRE) will need to update both Windows and WinRE to address security vulnerabilities in CVE-2022-41099. Installing the update normally into Windows will not address this security issue in WinRE. For guidance on how to address this issue in WinRE, please see CVE-2022-41099.

Presentation from Erin Barrett on the Portal Modernisation work.

Update from Nathan Steven on the forensics change

Reminder: this is the last webinar until Friday 13 January 2023.

Local Administrator Webinars

Final Local Administrator (LA) Bulletin of the year will be sent on Monday 19 December.

Culley portal release went in on the 8 December. The release notes are available on the NHSmail support pages.

The NHSmail roadmap has been updated and is now available on the NHSmail support pages.

The NHSmail O365 onboarding partnership webinar and slide deck is available on the NHSmail support site for those interested in data migration options.

CIS2 – Reminder – NHSmail Services sign in page – Planned Upgrade – NHSmail Support

PLA – unable to assign a PLA, workaround is to ask the desk. KB article to be published shortly

Onboarding webinar on the 30th, open to any NHS organisation to hear about our on and off boarding offering from all suppliers. There will be a Forms to complete, invites for those registering an interest will be sent by 28th

Forensics output is to be changed – download direct from eDiscovery. Further update and guidance to be ready for next webinar

MFA – interim process for allocating MFA to more than 50 users in an org Interim Bulk Enable MFA process – Local Administrator (LA) Guide – NHSmail Support

NHS E/D merger – 6 January, brought forward from April. Everyone deals with change differently, we will continue to be professional but please be aware there is a likely 30 – 40% reduction in organisation size

Townhall – Slides will be published soon N365 Shared Tenant Town hall Events – NHSmail Support

Matt – tech update
Phil – SharePoint 2010 migration offering
Jess – MFA and a pilot around authenticator app

Tech update – Matt Brownhill provided an overview

Mailbox rules – now disabled when an account is compromised, please review them with the user before enabling

Safe Links/ Attachments – will be rolled out across the estate to all by 28^th October, all user comms will be sent Monday. Existing applications accounts are excluded but new application accounts created after 28^th October will be included.

MFA – thanks for those attending the webinar last week, recording is available. Please drive home the message to roll it out to your senior managers

Comms update – Chris provided a view of the comms route available to organisations and a couple of the planned comms next week

Portal release – expected next Tuesday, Self Service Password Reset will be re-enabled.

MFA LA webinar (14th October)

NHSmail Collaboration Team minor changes have been made since the last webinar to improve the usefulness of the team and its associated channels, such as the NHSmail community support channel which has already been useful in highlighting a national issue.

SafeLinks Pilot – Safe Links and Safe Attachments are part of Microsoft Defender and will build on existing security features to protect NHSmail users from receiving and mistakenly interacting with malicious emails.

CSOC/Helpdesk interface improvements have been proposed to enhance the experience of LAs when accounts have been marked as compromised. This means the LA should know who to speak to within their own organisation when an account is compromised.

Basic authenication deprecation user comms sent via no-reply on 21 Sept to 74911 account users with legacy protocols identified as still being in place.

PLA comms will be sent on 27 Sept as a follow up.

TLS deprecation comms was sent on 22 Sept 2022.

Cotman release will be going ahead on the 27 Sep – Release notes are available on the support site – Cotman 1.0 Release – Content Summary – NHSmail Support

· Sarah Harding to give an update on the Auto expanding archive work

· Jess Davenport will cover MFA changes in the Cotman release

· TA updates from Zaheer Iqbal

· Hafsa Hersi to present a brief overview of the portal modernisation work

· Hector Pena Olarte to present on CIS smart card work

Teams end-to-end call encryption feature
This has been enabled within the tenant this week to add an additional layer of security to specific calls that may need additional encryption.

Teams is already secure, so this is an add on layer that users can switch on for one-to-one calls via their individual Teams instance.

Please be aware that both users involved in the one-to-one call have to enable the end to end encryption to access this feature.

We are also working with Microsoft to introduce live captions functionality for end to end encryption as this is not currently supported.

Inactive Accounts on NHSmail
As part of wider work we’re doing around aligning all account lifecycle activities on the service, we will be reducing the amount of time that accounts can sit in an inactive state from 90 days to 30 days in the near future.

This change will only apply to user accounts and application accounts will not be affected.

We’d like to encourage everyone to make sure that any accounts that are being used in your organisation for application account activities – including the bulk sending of appointment reminders and similar workflows – are correctly configured as application accounts on the NHSmail portal.

MFA newly created accounts/onboarding orgs
To ensure that our platform security posture fits with the current cyber security landscape, we are looking at introducing MFA as standard on all newly created accounts and for all onboarding orgs in the near future.

MFA – key user groups
As well as future planning around MFA, we would strongly encourage that all of you on this call consider applying MFA to certain key user groups – such as Finance, Procurement, HR and office-based staff – within your organisations straight away.

This will ensure that users in roles with a higher risk profile are better protected and this is also good first step towards preparing your users for any wider roll out of MFA in the future.

Teams Cloud Video Interoperability Service retirement – 28 October 2022
Reminder that the CVI service will be decommissioned on 28 October at 7:00pm

PLA/LAs for organisations who have made use of the CVI services have been contacted by the team.

NHSmail AD Sync Issue – INC31018469 – NHSmail AD Sync Issue – RESOLVED – NHSmail Support

Coombes release – Coombes 1.0 Release – Content Summary – NHSmail Support
Successfully deployed 11 August – full details of the release content can be found on the link above.

Welcome email update – Welcome new users to NHSmail – NHSmail Support
The Welcome email received by new users when their accounts has been updated and comes into effect as part of the release that went in last night.

New users will be redirected to a new support site area as part of the Welcome email that contains useful information on some NHSmail basics.

Disable MFA for 48 hours on compromised accounts – Disabling MFA for 48 hours – NHSmail Support
This will allow enforced MFA on a remediated compromised accounts to be removed for a 48 hour period where access is needed and the MFA cycle cannot be completed.

MFA will be reapplied to the account at the end of the 48 hour period.

Teams Cloud Video Interoperability Service retirement – 28 October 2022 – Teams Cloud Video Interoperability Service – NHSmail Support
This service was initially stood up to support organisations with the challenges of legacy VC equipment being in place and the interoperability of this with Teams during the Covid-19 response where virtual engagement became a key lifeline for the NHS. Over that period, we’ve seen a vast increase in the use of Microsoft Teams and a decision has now been made to decommission the CVI service on 28 October 2022.

Impact: any users who attempt to use the CVI service after 19:00 on 28 October will be unable to connect.

InTune update
Total of 129 organisations have now migrated to the new InTune model which is great news.

LA support site review – reminder  LA support site review (Teams channel)

Reminder that we have a new channel in the LA Team for support site review contributions which has a terms of reference pinned at the top. This channel is very much designed to get your input on what support site areas that are frequently used by yourselves to support your users need our attention in terms of updates.

Acceptable Use Policy (AUP)

Presentation on the AUP changes. If you have not accepted the AUP after the update (completed 13 July) your access to Microsoft 365 applications, including non Microsoft 365 applications registered against Azure Active Directory will be blocked.

ICB/ICS

CCGs will be renamed to reflect their change to ICB sub locations and link them to their relevant Integrated Care Board, it may take some time to propagate across the tenant.

Licence top-ups for non-enterprise agreements

• New process allows these organisations to purchase a top up licence without the need for a Microsoft Enterprise Subscription Agreement
• All online and has a ‘catalogue’ of the approved licences for onboarding
• Microsoft licensing queries to come in to windows10@nhs.net

Centre of excellence published SharePoint best practice guide 

Chadwick portal release due next week, MFA reminder

TA updates from Matt Brownhill

• Legacy browsers
• Basic authentication
• Solution to address the deprecation of TLS 1.0 and 1.1

Presentation from Nick Hall on Bookings and how that has helped his organisation.

Bird Portal release was implemented last night.

MFA on compromised accounts due w/c 4 July.

MFA mass enablement – foot off a little and is likely now NOT to rolled out by us but rather locally. We will be publishing our user research and suggestions to help you with discussions internally on how you may want to roll out locally within the next couple of months.

Company Communicator – starting a pilot for local orgs to use, contact us at feedback.nhs.net

New tool tip, aims to highlight first contact from a user that you do not usually receive email from. Helps to reduce phishing attacks/prompt for awareness. In place w/c 27th June –New anti-phishing safety tips – NHSmail Support. 

Service Management updates:

 Egress have combined their plugin with LFT after reacting to feedback, this is going through testing, a link will be provided and a support site updated.

Confirm that MFA is on compromised only accounts, this is just a recap of something that has been mentioned before. A date will be announced subject to testing.  A support site article will also be updated.

Slough had a core switch and perimeter switch on 08/04/2022 which went through without issue, the Hemel On-Prem DC Core Switch and Perimeter Switch Software Upgrade will take place on the 6^th May.

Revisited the escalations process

NHSmail Incident Procedure

Complaints and Escalations Process

 TA updates from Anne Anghelache

 – Sensitivity labels coming soon coming around May – date to be confirmed

– Shared Channels

– Blocked filetypes

– Solution to address the deprecation of TLS 1.0 and 1.1

Data sensitivity – presentation from our Accenture colleagues Diulia and John

Viva Insight – presentation from Microsoft’s Jack Lauricourt

Digital Heroes – Digital Heroes – NHSmail Support nearly at our target of 3000

TLS comms – have been sent to over 1000 orgs to your PLA for the period 12-18 March 2022

CCG short name – written to every PLA impacted by the ICS creation

PLA role – should not be using an Out of Office (OOO) to state they don’t monitor their account

NHSmail Roadmap – has been updated. Please pay specific attention to the new Deprecation Roadmap, ensure you pass this detail to your infrastructure teams who would deal with this

NCSC Cyber Aware – NCSC.GOV.UK campaign, use three random words as a password. Already in our guidance, please re brief your user base

Security filters – amendments taking place, may result in NDR being received – Non Delivery Reports (NDRs) – NHSmail Support

MFA on compromised account – via portal release expected May

Slough DC – rescheduled work, due tonight

Joined by Egress on some initiatives they’ve been working on and an update of the security features of NHSmail, including compromised accounts and EOP

Compromised accounts – MFA will be enrolled onto all compromised accounts without exception

Portal release – on target for w/c 14^th March, subject to testing. Currently includes EOL create accounts and user access to another user’s OneDrive for a period of 8 hours, one item to note it will give the delegate AND grantee access to the OneDrive. You need to set your own guidelines for this use, NHSmail will not be governing this

Outlook 2010 – issue with windows 7 and TLS 1.2 impact being not able to gain access. Please use the Easy as note here – Update to enable TLS 1.1 and TLS 1.2 as default secure protocols in WinHTTP in Windows (microsoft.com)

TLS Deprecation

Reminder of upcoming changes to the support for TLS 1.0 and 1.1 in Azure AD and ADFS. TLS versions 1.0 and 1.1 are no longer compliant with the latest security requirements and are being retired – as such we strongly advise that organisations start transitioning to TLS1.2 as soon as possible to avoid any service impacts.

Initial checks have identified that there are connections to business applications which are still using unsupported actions. Please ensure that you identify any users or applications within your organisation where unsupported TLS versions are still being used and ensure that appropriate actions are taken to transition these. Further guidance is available on the NHSmail support site.

The deadline for the deprecation is 30 June 2022.

Digital Heroes
As I know you’re all keen beans who like to champion technology in your own organisations, I wanted to make you all aware of the NHSmail Digital Heroes initiative.

A Digital Hero is a technology champion who will help colleagues improve their digital skills and provides training to those involved. This is a great way to help build peer learning networks in your organisations around Teams & O365. We’re currently recruiting for the first cohort which starts on 21 Feb and is open to 400 people. A further 400 people will be able to join the future cohort that is planned for March/April time.

People can sign up to take part via the NHSmail support site – Digital Heroes

Company communicator

Company Communicator will be pinned in Teams. This is something that was highlighted in the recent NHSmail survey as something that users would prefer to see rather than having updates appear as just another chat message in the list.

Local Company Communicator
We’re aware that some of you have asked about accessing your own local version of Company Communicator for use within your own organisations. This is now in the final stage of Technical assessment and we hope to be able to provide further details on when this will be available to you in the near future.

Office 2010 connectivity

Connectivity until 1 May 2022 – excellent work so far to move away from 2010, but we need a last concerted effort to move users off this.

We’ll post a list of the top 20 organisations who are still using Office 2010 into the channel shortly for awareness.

Any queries on this, please contact windows10@nhs.net

Brief SM updates:

Wellington 2.0 portal release, https://support.nhs.net/2022/01/wellington-2-0-release-content-summary/ support site summary released.

LA bulletin sent out 28 January – Local Administrator (LA) bulletin – 28 January 2022 – NHSmail Support one of the topics of which, is;

Microsoft Depreciation of TLS 1.0 and 1.1 in Azure Active Directory (AAD) and Active Director Federated Services (ADFS)

On 31 January 2022 Microsoft are planning to deprecate their support for TLS 1.0 and 1.1 in Azure AD (AAD) and Active Director Federated Services (ADFS). TLS versions 1.0 and 1.1 are no longer compliant with the latest security requirements and are being retired. We strongly advise that you start transitioning to TLS 1.2 as soon as possible to avoid any service impact.

 TA updates from Mark Ward

Unsupported browser stats

Mailbox report – byte values will be changed to a more useful representation

New portal role for policy management under development

New app approval: Adobe Acrobat DC for editing PDF files is now available in Teams, but this is a licenced feature

Same Sign On  – guest speaker from Accenture

​Mark introduced John Anderson to discuss same sign on  – PowerPoint to be shared

Company Communicator – pass on survey request to complete to your user base. Two reminders will be sent.

Password changes and LA comms – Application account letters are not going out with the mailbox id, this is being addressed in the point release due w/c 24 January.

More training is available – https://support.nhs.net/knowledge-base/n365-shared-tenant-virtual-training/

Portal release – The tentative date is W/C 24/01/2022 for a point release, this will be for the create account directly onto EXO that was descoped from Wellington.  York Release is has tentative dates W/C 21/02/2022.

LA Bulletin – Local Administrator (LA) bulletin – 17 December 2021 – NHSmail Support

Portal release – delayed and create on Exchange Online is being de scoped due to identified issues during testing, hopefully due this weekend subject to successful testing

Teams Telephony – is being rolled out this weekend to support this NHS E/I/X initiative. Support site has all the relevant details listed and including contact details for GPs still wishing to register

New style meeting – restart on 14 January 2022 which will be agenda led. We really want to hear from you, your organisation and what works.

Update for anyone in a CCG. A Live Event was held on 8th December, 2021 regarding potential changes to NHSmail as a result of the CCG/ICS reconfiguration. This has been sent to CCG PLAs, CIOs and ICS programme heads. The recording is available above.

Clinical safety case – published in full, https://support.nhs.net/article-categories/nhsmail-o365-shared-tenant-clinical-safety-case-report-and-hazard-log/

Egress – are finalising some how to/help videos, this will explain in more depth secure encryption, large file transfers as well as additional functionality that Egress provides, there will be around 5 videos in the coming weeks, we’ll post up an announcement in the collaboration channels when available.

Merger with NHS E/I and X – expected to be a lift and shift, this type of forum is vital to keep channels of communication open. No immediate change anticipated – https://www.gov.uk/government/news/major-reforms-to-nhs-workforce-planning-and-tech-agenda

Only individuals who are registered with NHS England as GP locums via the National Performers List are able to be added to the National Administrator Service on NHSmail. Further information on the registration process can be found here. 

Outside of the core NHSmail provision there is no further funding at this time for additional licences, however discussion are currently ongoing across NHSX and NHS England & NHS Improvement regarding this and we are unable to provide any further updates until these have been concluded.

The NHSmail DNS team will be performing Disaster Recovery testing of the NHS Extended DNS service on the 09th, 10th and 16th October between the hours of 10:00 and 18:00. No interruption to the Extended DNS service is expected during the planned Disaster Recovery testing. Due to the Extended DNS Service providing NHSmail ancillary services such as CVI, this announcement has been provided for awareness.

Your organisation may wish to review local BCDR plans though no interruption to any service is expected.

Since 1 April 21, we’ve hosted 14.515m calls and 32.244m meetings, fantastic achievement for us all in helping the NHS move forward in collaborative working

Invitation to the Intune Webinar on the LA channel

Advised ICS / ICB and ODS changes are being fronted off by NHS E/I with support from the ODS team. NHSmail team have no further info at the moment and cannot help with any calls or further updates at this time.

Indefinite hold updated across the Platform for those organisations in scope, working with each now to address the scope and next steps. Hygiene activities across the platform are being updated with Active/Inactive app settings now being included. SharePoint Online site capacity comms about to start with the top 20 site owners/org, for changes to be made. OneDrive/SharePoint reporting tests being carried out – to verify recent examples of data being incorrect. EMS/Intune updates provided by TA’s. Telephony updates provided by TA’s. Mailbox quotas and dumpster updates. ICS Planning with NHSE/Microsoft ongoing  – with workshops being planned.