Create a new User Policy
- Log in to the NHSmail Portal using your nhs.net credentials (the Admin toolbar will only show for LAs)
- Navigate to Admin > User Policy Management
- In the User Policy List page, click on Add > Create User Policy
4. Select the organisation you want to create the policy for, name the new policy and add a description to it if required
Note: only the organisations you are a LA for will appear in the drop-down menu
5. Select a base licence from the drop-down menu and an add on Licence if required.
Note: The base licence will be what is provisioned to your organisation through the nationally allocated N365 Office 365 licence pool. If your organisation has also procured other licences and onboarded them to the NHSmail central tenant – E.g. E3 or E5, these will also appear in the drop-down box. Examples of add on licence types include functionality like Dial-In Conferencing, Visio or Project. Again, these will only appear if directly procured by an organisation and onboarded.
The nationally allocated base licence (otherwise known as N365, E3 Restricted or E3R) will show as: ACCENTURE – LSP01 – National – Office 365 User – 30/04/2023.
6. You can then toggle on or off any applications as required for the new policy you are creating. Please refer to the O365 Feature Guidance article for more information on what each of the O365 applications does.
Any applications included in the base licence appear and can be controlled via toggles.
Add-on licences must be applied to the policy via the drop-down menu – these will not appear as toggles. Multiple add-on licences can be applied to the same policy via the drop down menu licence.
Apps for Enterprise: When applied as an add-on, all the different O365 applications included within this licence type will be enabled by default. These are included below and are not currently configurable through toggles:
- Forms (Plan 1)
- Office Web
- Office Desktop
- Sway
- OneDrive for Business (Plan 1)
- Whiteboard
Whiteboard, Forms, Sway host data outside of the UK and as mentioned above will be applied automatically through the Apps for Enterprise add-on. It is the local organisation’s responsibility to determine if it is appropriate to use these apps, subject to local risk appetite and Data Protection policies on offshoring.
Visit this guide to find out about managing mailbox size quotas.
Enabling users with MFA using Policy Management is no longer supported. To bulk enable and disable MFA for users, click here
The Rangoon Portal Release included a fix for an issue whereby, for some licence types, the enablement/disablement of application toggles was not working correctly. Users may find that they could use an app, despite that app being toggled off in the User Policy on the Portal UI, and vice versa. The fix applied with the Rangoon Portal Release ensures that the application toggles now apply correctly to all assigned licences, a reconciliation job is ran whenever a user is added to a User Policy, or the User Policy or User Details are updated, which results in a synchronisation between the Portal UI toggle and the back end so that they match.
Where a user belongs to a User Policy which was created before 18/12/2020, Organisations may find that they are still seeing this issue. This is because, although the fix ensures the toggles apply to all licences, a reconciliation needs to be run to force a synchronisation to take place. The easiest way to fix this is to undertake a blank update to the User Policy in question which will force a synchronisation for all users assigned to it, or to update the details of the user impacted to force the same synchronisation to happen
- You can add members to the policy by selecting the Add button and searching for the user
Note: The Import button can be utilised to add users in bulk if required
- Once selected, click Update and a green success pop up will appear at the top right corner of the screen to confirm the user has been added.
Handy Tips:
- User policy names are automatically prefixed with the (ODS) code of the organisation the user policy belongs to
- Duplicate names: A single organisation cannot have 2 user policies with the same name. However, 2 or more different organisations can use the same name for their policies.
- The name must not be more than 40 characters and may contain letters, numbers and spaces. Special characters are not allowed.
- The description must not be more than 250 characters and may contain letters, numbers and any special characters.
- LAs can add a maximum of 5,000 mailboxes at a time to a policy through the bulk update process. If the policy is larger than 5,000, the bulk import process can be repeated
- The Teams Call Recording toggle will be enabled by default on all newly created User Policies. It can be turned off in the Applications Settings box
- If an LA disables all the User Policy application toggles, but applies the Apps for Enterprise add-on – the users within the policy will still have access to all the applications provided through Apps for Enterprise, including OneDrive
- Microsoft provide a grace period for SharePoint/OneDrive access. If LA’s disable the toggle for these applications in a user policy, there will be a period where users can continue to access the applications. LA’s can delete a user’s OneDrive content where appropriate and SharePoint Site Owners can actively remove access from Site Collections if needed
Creating a new user policy and adding users into it will automatically remove them from the National User Policy for that organisation – and as a result, they will lose the standard O365 configuration and be given access to whatever applications are enabled in the newly created custom policy.
| Last Reviewed Date | 27/09/2022 |
