This article outlines the third party and custom applications which are approved and available with the NHSmail Azure AD / Office 365.
The applications listed below have passed a hurdle assessment https://support.nhs.net/knowledge-base/application-hurdle-assessment/ conducted by the Technical Design Authority (TDA). It does not include the core Microsoft Office 365 applications, available here: Core 365 Application Catalogue (SharePoint, App Source, Teams)
Assessments are carried out at tenant level; we recommend that local organisations conduct their own internal assessments prior to using an application.
This is to ensure the application is appropriate for an organisation’s specific use case in terms of functionality and adheres to any local security or clinical safety requirements.
Considerations ahead of any assessment are:
What access permissions does this application/feature need to be used or to access data already stored in the NHSmail shared tenant?
Does this application/feature store any data?
Does it need integration with any other Microsoft 365 application/feature?
Does the application/feature require targeted testing or can it be enabled for all users?
Does the application/feature require additional licensing?
Note: Failure to provide this information will lead to significant delays in progressing your application assessment.
If you are unable to access or locate an application that appears on this list, please allow some time for installation post approval. Once approved, applications are typically implemented within a two-week window.
If you wish to have an application assessed, please raise a request here: ServiceNow request process for O365 stores.
In very rare scenarios applications may be withdrawn from the platform due to updates that make them no longer compliant with NHS platform policy.
For further information around approved/rejected NHSmail applications, the request process or application access please visit the following articles:
Please see a full list of Applications broken down by application type below:
A-D
Accessibility Reminder
| Description | Accessibility Reminder is an add-in that provides a simple and effective method of notifying document authors and contributors to of accessibility issues. This solution adds reminder comments into documents with tips and links to help articles. This will help increase awareness and education of accessibility best practices. |
| Website | https://aka.ms/a11yApp |
| Application Support | Provided by Microsoft |
| Important Notes | Licensing: Anyone with a nhs.net account can add add-in in their excel document, once the add-in is enable and consent for everyone.
Organisation Wide Sharing: The add-in will be enabled tenant-wide for everyone. Clinical safety impact: The Accessibility Reminder does not introduce any clinical safety risk. |
Adobe Acrobat Teams App
| Description | With Adobe Acrobat for Microsoft Teams, the users of the PDF file format are providing a way to collaborate with everyone in their channel and collect feedback in a single PDF – without having to leave the Microsoft Teams. Receive activity notifications when others take action on documents. Reviewers can see and comment on each other’s feedback. To use real time collaboration feature, users must have an active account with Adobe. |
| Website | https://helpx.adobe.com/document-cloud/help/microsoft-teams |
| Application Support | Provided by Adobe |
| Important Notes | Licensing: Once the Teams app is consented, it can be used by all users. However, they will need an active account registered with Adobe.
Organisation Wide Sharing: The Adobe Acrobat Teams app will be consent at tenant level for all users. Clinical safety impact: The Adobe Teams app does not introduce any clinical safety risk. |
Advanced formula environment, a Microsoft Garage project (Add-on for Excel)
| Description |
Create and reuse formulas and functions.
Key features include:
|
| Security Impact |
There is no risk of data to being exposed out of nhs.net tenant this add-in just provides an option to create and reuse formulas and functions in excel.
No Consent Required.
|
| Data Privacy Assessment | The Advanced Formula add-in does not give any elevated access to the data or does not represent any data privacy risk. |
| Important Notes | Data Protection Assessment: Advanced Formula doesn’t store or share any data. The data can be shared by users as per the tenant sharing policy.
Organisation Wide Sharing: The add-in will be enabled tenant-wide for everyone. Clinical safety impact: The Advanced Formula does not introduce any clinical safety risk. Local Considerations: The add-in works for Excel Web and desktop clients. 3rd Party Integration: Office Apps / Excel |
AhaSlides – Live Polls & Quizzes
| Description |
AhaSlides is a tool to help presenters build interactive presentations that engage and excite their audiences.
You can create polls, word clouds and even full quizzes, then add them to PowerPoint for your audience to interact with live using their phones.
The AhaSlides add-in will help you…
|
| Security Impact |
There is no risk of data to being exposed out of nhs.net tenant this add-in just provides an option to create and reuse formulas and functions in excel.
No Consent Required.
|
| Data Privacy Assessment | The AhaSlides add-in does not give any elevated access to the data or does not represent any data privacy risk. |
| Important Notes | Licensing Impact: Anyone with a nhs.net account can add add-in in their word and PowerPoint Deskop documents, once the add-in is enabled.
Data Protection Assessment: AhaSlides doesn’t store or share any data. The data can be shared by users as per the tenant sharing policy. Organisation Wide Sharing: The add-in will be enabled tenant-wide for everyone. Clinical safety impact: The AhaSlides does not introduce any clinical safety risk. Local Considerations: The add-in works for PowerPoint desktop clients. 3rd Party Integration: PowerPoint desktop app |
Autocad Web App
| Description |
Autocad WebApp allows users to access Autocad files on the web. The sign-in integration will allow users to open Autocad files from OneDrive and SharePoint Online
|
| Security Impact |
Consent Required: Yes
offline_access: Allows the app to see and update the data you gave it access to, even when users are not currently using the app. This does not give the app any additional permissions. |
| Data Privacy Assessment | Autocad WebApp allows users to access Autocad files on the web. The sign-in integration will allow users to open Autocad files from OneDrive and SharePoint Online. |
| Important Notes | Licensing Impact: Anyone with a nhs.net account should be able to sign-in and use Autocad files stored in OneDrive and SharePoint.
Organisation Wide Sharing: The app will be enabled tenant-wide for everyone. Clinical safety impact: The Autocad Web App does not introduce any clinical safety risk. Local Considerations: The add-in works for Autocad files accessing via web app. 3rd Party Integration: No. |
Aqua Mail
| Description |
Aqua Mail is non-cloud based email client to allow users to connect and manage multiple email accounts from a single mailbox
|
| Security Impact |
Type: Delegate
SMTP.Send: Send emails from mailboxes using SMTP AUTH.
Profile: Allows the app to see your users’ basic profile (e.g., name, picture, user name, email address)
offline_access: Allows the app to see and update the data you gave it access to, even when users are not currently using the app. This does not give the app any additional permissions.
openid: Allows users to sign in to the app with their work or school accounts and allows the app to see basic user profile information.
|
| Data Protection Assessment |
Aqua Mail is not cloud based, It only stores your accounts’ passwords on the actual phone / tablet. However, for 365 its usiing Modern Auth, therefore using Access token.
The data and information stored in your email inbox is confidential and not monitored, accessed, or modified by Aqua Mail.
Aqua Mail Headquater is in the USA.
|
| Important Notes | Licensing Impact: Anyone with a nhs.net account can use this, however Aqua Mail requires a paid subscripion.
Data PrivacyAssessment: Aqua Mail is not cloud based, It only stores your accounts’ passwords on the actual phone / tablet. However, for 365 its usiing Modern Auth, therefore using Access token.
The data and information stored in your email inbox is confidential and not monitored, accessed, or modified by Aqua Mail.
Aqua Mail Headquater is in the USA.
Organisation Wide Sharing: The app will be consented at the tenant level. Clinical safety impact: Aqua Mail does not introduce any clinical safety risk. Local Considerations: It’s Androd and iOS App. 3rd Party Integration: Exchange Online |
Asana for Microsoft Teams
| Description | Asana Teams bot is already enabed on the platform and it doesn’t require any consent. However, this request is to allow Asana to connect to 365 and access signed-in users Teams and the channels to post messages/updates. |
| Website | https://www.asana.com/ |
| Application Support | Any queries around the Asana bot would be dealt by individual trust support. |
| Important Notes | Security Impact:
Data Protection Assessment: Customer data stored within Asana—including tasks, projects, comments and attachments—can be stored and migrated to any available data region, including the new EU data center. Data Storage: Customer data stored within Asana—including tasks, projects, comments and attachments—can be stored and migrated to any available data region, including the new EU data center. If users are attaching to documents to Asana, then it will follow Asan’s process, as it is not uploaded/shared via 365. Data Privacy Assessment: Does the app or underlying infrastructure process any data relating to a Microsoft customer or their device? No Does the app or underlying infrastructure store any Microsoft customer data? No Does your application integrate with Microsoft Identity Platform (Azure AD) for single-sign on, API access, etc.? No Does your app store any credentials in code? No Does your app or add-in use additional Microsoft APIs? No Licensing Impact: This does not affect O365 licensing. Organisations will be required to have a valid license/subscription to use Asana service. Organisation Wide Sharing: The consent to Asana to connect to 365 will be at the tenant level. Once consented, it will be available for all users. Role Based Access / Tenant-in-tenant: This does not affect O365 licensing. Organisations will be required to have a valid license/subscription to use Asana service. Local Considerations: Organisations will be responsible to arrange the commercial aspects of the app. 3rd Party Integration: Microsoft Teams |
Breaktime
| Description | Breaktime is a PowerPoint add-in that can be used by users to add a Breaktime timer to their slide to show a breaktime countdown. |
| Website | https://appsource.microsoft.com/ |
| Data Residency / Privacy Information | https://www.flosim.com/breaktime/Privacy_Policy |
| Application Support | Provided by Breaktime (Flow Simulation Ltd) |
| Important Notes | Licensing Impact: Anyone with a nhs.net account can add add-in in their PowerPoints, once the add-in is enable and consent for everyone.
Organisation Wide Sharing: The add-in will be enabled tenant-wide for everyone. Local Considerations: The add-in works in PowerPoint 2013 or later on Windows, PowerPoint on Mac (Microsoft 365), PowerPoint on Windows (Microsoft 365) and PowerPoint on the web. |
Calendar Overlay
| Description | The Calendar Overlay web part allows you to view all of your Microsoft SharePoint, Planner, and Exchange events in one place! |
| Website | https://cloudwell.io/products/calendar-overlay/ to download the app |
| Data Residency / Privacy Information |
The App is hosted on Azure as a IaaS and the data is stored in USA.
It stores the tenant ID.
|
| Application Support | https://learn.microsoft.com/en-us/microsoft-365-app-certification/sharepoint/cloudwell-calendar-overlay?pivots=data |
| Important Notes | Security Impact: Calendar Overlay is based on the SharePoint Web App permissions for SharePoint Framework solutions. The Permissions of type delegated are added to the SharePoint Online Client Extensibility Web Application Principal in Azure AD. Therefore can be used by any SharePoint Framework using the same (approved) permissions.
Admin Consent required – Yes (SharePoint Web App Permissions)
User.ReadBasic.All
Calendars.ReadWrite.Shared: Allows the app to create, read, update and delete events in all calendars in the organization user has permissions to access. This includes delegate and shared calendars
Tasks.ReadWrite: Allows the app to create, read, update, and delete the signed-in user’s tasks and task lists, including any shared with the user.
Tasks.ReadWrite.Shared: Allows the app to create, read, update, and delete tasks a user has permissions to, including their own and shared tasks.
Directory.AccessAsUser.All: Allows the app to have the same access to information in the directory as the signed-in user.
Calendars.ReadWrite: Allows the app to create, read, update, and delete events in user calendars.
Group.ReadWrite.All: Allows the app to create groups and read all group properties and memberships on behalf of the signed-in user. Also allows the app to read and write calendar, conversations, files, and other group content for all groups the signed-in user can access. Additionally, allows group owners to manage their groups and allows group members to update group content.
MailboxSettings.ReadWrite: Allows the app to create, read, update, and delete user’s mailbox settings. Does not include permission to directly send mail but allows the app to create rules that can forward or redirect messages.
Licensing Impact: Anyone with a nhs.net account and a paid Calendar Overlay membership account can use, once the add-in is enable and consented for everyone. Organisation Wide Sharing: The app will be enabled tenant-wide for everyone. Local Considerations: SharePoint Online 3rd Party Integration: Integration with nhs.net teams, sharepoint, groups, mailbox setting and calendar. |
ClickUp
| Description | ClickUp is a productivity tool for managing tasks and projects, and includes a health template to manage patients. The product has similar capabilities to Microsoft O365, such as functionalities within SharePoint lists, Calendars and Planner. ClickUp also integrates with Microsoft Teams, with features such as users receiving notifications when tasks are edited in the ClickUp web version, and using Teams client search to retrieve and discuss a task. |
| Website | https://clickup.com/ |
| Data Residency / Privacy Information | https://clickup.com/privacy |
| Application Support | Provided by ClickUp |
| Important Notes | Clinical safety impact: A patient tracking system is included as a template, and tracks data including name, medication and allergies. Risk exists of patient data residing outside of approved NHS systems.
Licensing: ClickUp licensing is additional to Office 365 licensing. There are 4 plans – “Free Forever”, Unlimited ($5 pmm), “Business” ($9 pmm) and “Enterprise”. The free version has limited security or data privacy polices and so paid versions are recommended. |
Compliance by Metacompliance
| Description |
There are a few ways in which users can be added to the MetaCompliance platform.
Email bulk upload:
A user list (CSV or Excel) can be uploaded into the platform. This list includes details such as the user’s forename, surname, email address etc. In order to log in, these users are invited to activate their profile and set up a unique password. This option doesn’t provide the SSO.
Federated Bulk Upload: same process as above; however, these users can benefit from SSO when logging in.
Active Directory Synchronization: AD Sync tool installed which will replicate the organisation’s Active Directory on to the platform for targeting purposes. If required, collectives can be manually created for more bespoke targeting requirements. The AD Sync tool updates on a nightly basis to reflect joiners/leavers/changers. Users benefit from SSO.
SCIM: users added to the platform via Azure. Dynamic/Security groups can also be imported across for targeting purposes. Regular sync performed to take into account joiners/leavers/changers. Users benefit from SSO.
MetaCompliance have requested to configure the option 4 – SCIM (System for Cros-domain Identity Mangement).
|
| Website | NA |
| Data Protection Assessment |
As part of the user provisioning via Azure AD, user configured configured (i.e., security group), all users will synced via app provisioning will be stored on the metacompliance portal.
The provisioned details will be stored on the metacompliance portal.
|
| Application Support | Local organisations are responsbile to procure required paid subscriptions to use MetaCompliance. It will also require to update the app configuration by adding the required all users security group as per the new org. |
| Important Notes | Licensing Impact: Users will be required to have a valid MetaCompliance account to sign-in and use.
Organisation Wide Sharing: The user provisioning via app to MetaCompliance app will be restricted to all users security groups. It will also require to update the app configuration by adding the required all users security group as per the new org. Local Considerations: Local organisations are responsbile to procure required paid subscriptions to use MetaCompliance. It will also require to update the app configuration by adding the required all users security group as per the new org. 3rd Party Integration: SSO |
Data Visualizer
| Description | This add-in allows users to create Visio flowcharts, cross-functional flowcharts and organisation charts from Excel data with the Visio Data Visualizer Add-in. The add-in uses Office (Visio) Online to create the visualization. |
| Website | https://appsource.microsoft.com/ |
| Data Residency / Privacy Information | https://privacy.microsoft.com/ |
| Application Support | Provided by Microsoft |
| Important Notes | Licensing Impact: Anyone with a nhs.net account can add add-in in their excel document, once the add-in is enable and consent for everyone.
Organisation Wide Sharing: The add-in will be enabled tenant-wide for everyone. Local Considerations: The add-in works with Excel 2016 or later on Windows, Excel on Mac (Microsoft 365), Excel on Windows (Microsoft 365), Excel on the web, Mac Excel. |
Decisions – Meeting Management Solution
| Description |
Decisions app allows taking meeting minutes, assigning tasks and tracking decisions
|
| Security Impact |
Decision app is based on the Microsoft Graph API and as part of enablement admin consent is required for the following delegate permissions: Admin Consent required – Yes
Chat.ReadWrite (Delegated): Allows an app to read and write 1 on 1 or group chats threads, on behalf of the signed-in user.
Notes.ReadWrite.All (Delegated): Allows the app to read, share, and modify OneNote notebooks that the signed-in user has access to in the organization.
MailboxSettings.Read (Delegated): Allows the app to the read user’s mailbox settings. Does not include permission to send mail.
Sites.ReadWrite.All (Delegated): Allows the application to edit or delete documents and list items in all site collections on behalf of the signed-in user.
User.Read (Delegated): Allows users to sign-in to the app, and allows the app to read the profile of signed-in users. It also allows the app to read basic company information of signed-in users.
User.ReadBasic.All (Delegated): Allows the app to read a basic set of profile properties of other users in your organization on behalf of the signed-in user. This includes display name, first and last name, email address and photo.
Group.ReadWrite.All (Delegated): Allows the app to create groups and read all group properties and memberships on behalf of the signed-in user. Additionally allows group owners to manage their groups and allows group members to update group content.
Mail.Send (Delegated): Allows the app to send mail as users in the organization.
Calendars.ReadWrite (Delegated): Allows the app to create, read, update, and delete events in user calendars.
Files.ReadWrite (Delegated): Allows the app to read, create, update and delete the signed-in user’s files.
Files.Read.All (Delegated): Allows the app to read all files the signed-in user can access.
Sites.Managed.All (Delegated): Create, edit, and delete items and lists in all site collections
TeamsTab.Create (Delegated): Allows the app to create tabs in any team in Microsoft Teams, on behalf of the signed-in user. This does not grant the ability to read, modify or delete tabs after they are created, or give access to the content inside the tabs
TeamsTab.Read.All (Delegated): Read the names and settings of tabs inside any team in Microsoft Teams, on behalf of the signed-in user. This does not give access to the content inside the tabs.
TeamsAppInstallation.ReadWriteForChat (Delegated): Allows the app to read, install, upgrade, and uninstall Teams apps in chats the signed-in user can access. Does not give the ability to read application-specific settings
Tasks.ReadWrite (Delegated): Create, read, update, and delete user’s tasks and task lists
TeamsTab.ReadWriteForChat (Delegated): Allow the Teams app to manage all tabs in chats
Directory.Read.All (Delegated): Allows the app to read data in your company or school directory, such as users, groups, and apps.
|
| Data Protection Assessment |
Decisions does not collect or process the Customer’s data, such as files etc. The data provided by the Customer while using the Software is only available to the Customer.
The Service is delivered on Microsoft Office 365 Cloud Services and Microsoft Azure. All customer data is stored in the customers Microsoft Office 365 tenant. All data stored or processed on the service are anonymous and non-traceable to individual persons. As such, Decisions will not store, collect or process personal data on behalf of the Customer.
|
| Important Notes | Licensing Impact: Every NHS user can use the Decisions application, which allows for limited use with no additional cost.
Data Privacy Assessment: The app is enabled tenant-wide for everyone Organisation Wide Sharing: The app will be enabled tenant-wide for everyone. However, the app requires to setup an account for integration with Board Pappers. Clinical safety impact: Users data (documents) are stored in Office 365 tenancy. That means users keep control of all your sensitive data under existing security policies.. Local Considerations:The app supports Teams, Outlook (requires desktop app for optimised experience), Word and iOS and Android devices 3rd Party Integration: Integration with nhs.net Teams, Apps, Outook Additional features: For teams and users looking for enhanced volume of use, there are additional options available at additional cost. The Accenture helpdesk or NHS.net Connect team are unable to assist with queries regarding the Decisions Application. Please contact the Decisions team for further information.
Decisions | Meeting management software for Microsoft 365 Decisions meeting management software lets organizations run more engaged meetings with agenda and meeting minutes tools, collaboration features, and more. |
Diligent Boards
| Description |
Diligent Boards is a platform for managing board & committee meeting information allowing for effective management of board meetings for individuals.
|
| Security Impact |
There are no org wide permissions requried for Diligent Boards as the majority of the data is held within Diligent Boards itself. The application does store the Tenant Id and Teams User ID on servers within the United States.
|
| Data Protection Assessment |
No data is shared with Diligent Boards apart from the Tenant ID and Teams User ID. This does not introduce a method of sharing data stored within the tenant outside of the tenant.
|
| Important Notes | Licensing Impact: No impact on O365 licensing. Licensing for the product itself outside of national licensing.
Data Privacy Assessment: No use of existing data within the Tenant and no new sharing mechanisms introduced. Organisation Wide Sharing: No sharing. Clinical safety impact: None. Service Impact: None expected – support for Diligent Boards would be provided by the vendor. Local Considerations: None. That would be the responsibility of the central tenant team. 3rd Party Integration: No. |
DocuSign for Word
| Description |
The DocuSign for Word allows to eSign documents direct from word.
|
| Security Impact |
There is no risk of data to being exposed out of nhs.net tenant this add-in just provides an option to esign documents by accessing it from user’s Docu Sign account.
No Consent Required. |
| Data Protection Assessment |
The Docu Sign word add-in does not give any elevated access to the data or does not represent any data privacy risk.
|
| Important Notes | Licensing Impact: Anyone with a nhs.net account can add add-in with Word documents, once the add-in is enabled.
Organisation Wide Sharing: The add-in will be enabled tenant-wide for everyone. Clinical safety impact: The DocuSign for Word does not introduce any clinical safety risk. Service Impact: There is no service impact. Any queries around the add-in would be dealt by individual trust support. 3rd Party Integration: No. |
E-H
The Events Calendar (Liquid Web brand)
| Description |
Events Calendar integration with Exchange Online calendar for Teams meetings allows users to schedule their meetings directly via the Events Calendar web interface. The Events Calendar web interface can be accessed directly via the Internet to allow users to view the availability in the calendar and book appointments.
|
| Security Impact |
To use Events Calendar integration, the Events Calendar web app must be integrated by allowing Events Calendar to acces user calendar with delegate permissions.
Admin Consent required: Yes
Permissions Type: Delegate
User.Read (Delegate): Allows users to sign in to the app, and allows the app to read the profile of signed-in users. It also allow the app to read basic company information of signed-in users.
Calendars.ReadWrite (Delegate): Allows the app to create, read, update, and delete events in user calendars.
|
| Important Notes | Licensing Impact: The Events Calendar is a web based interface – provides integration with Exchange Online calendar via Graph API to book meetings.
Organisation Wide Sharing: The Events Calendar can be consented at the tenant level for all users. Useres wil be required to have a paid subscription to use the Events Calendar. 3rd Party Integration: Potentially – Exchange Online (Calendar) and Teams. |
FreshDesk
| Description |
FreshDesk is an application that aims to combine email and call data – the request here is to add the ability to add support mailboxes to Freshdesk so that it can send and receive emails on behalf of the support mailbox.
|
| Security Impact |
The app requires the following delegated permissions:
offline_access – Maintain access you have given access to
User.Read
SMTP.Send
IMAP.AccessAsUser.All
This allows the Freshdesk application access to mails from a mailbox that you have the username and password for.
|
| Data Protection Assessment |
Message data will be pulled into Freshworks to be processed as part of interaction history and general CRM/Helpdesk management platform. Data stored within EEA but is chosen at time of purchase. Potential for 3rd party integrations with “”Freshdesk Apps”” which would then not be controled centrally by NHS Mail. |
| Important Notes | Licensing Impact: No impact on O365 licensing. Licensing for the product itself outside of national licensing.
Data Privacy Assessment: Potential that data sent to a mailbox on NHS Mail is available to people without access to NHS Mail but this would be managed by the Trust and their overall management of Freshworks. Organisation Wide Sharing: No sharing. Clinical safety impact: Potentially – completely depends on what is shared with the application. Request is for better tracking of patient interactions but that is down to what the trust shares with Freshdesk. Role Based Access / Tenant-in-tenant: This integration is for the ability to add mailboxes into Freshdesk and so multiple supported Enterprise app is just for OAUTH. Service Impact: None expected – support for FreshDesk would be provided by the vendor. Local Considerations: None. That would be the responsibliltiy of the central tenant team. 3rd Party Integration: Potentially – Third party app store on Freshdesk which would potentially open up access to mail shared via integration with Third parties without NHS Mail knowledge. |
Forms
| Description | Microsoft Forms is an add-in that can be used by users create a survey, quiz, poll, or other type of form and insert it into a PowerPoint slide. People who view presentation can respond to form without leaving PowerPoint. |
| Website | https://appsource.microsoft.com/ |
| Data Residency / Privacy Information | https://privacy.microsoft.com/ |
| Application Support | Provided by Microsoft |
| Important Notes | Licensing Impact: Anyone with a nhs.net account can add add-in in their PowerPoint document, once the add-in is enabled.
Organisation Wide Sharing: The add-in will be enabled tenant-wide for everyone. Local Considerations: The add-in works in PowerPoint 2013 or later on Mac, PowerPoint 2013 or later on Windows, PowerPoint on the web. |
GoBright
| Description |
The platform for Room, Desk & Visitor Management.
|
| Security Impact |
Teams App – Consent Required: No
App provides interface to access ressournces/bookings from GoBright account.
|
| Data Protection Assessment |
GoBright stores User name, user email, room & desk bookings. The data is geograhically stored in Netherlands (the), Ireland, United Kingdom of Great Britain and Northern Ireland (the). |
| Important Notes | Licensing Impact: Users will be required to have a valid GoBright account to sign-in and use.
Data Privacy Assessment: GoBright stores User name, user email, room & desk bookings. The data is geograhically stored in Netherlands (the), Ireland, United Kingdom of Great Britain and Northern Ireland (the). Organisation Wide Sharing: GoBright will be enabled at the tenant level. Orgs with a valid GoBright subscription will be able to use the service. Clinical safety impact: GoBright does not introduce any clinical safety risk. Service Impact: There is no service impact. Any queries around the add-in would be dealt by individual trust support. |
GoBright – Outlook Add in
| Description |
Allows to integrate GoBright in the appointment window of the Outlook Calendar.
|
| Security Impact | |
| Data Protection Assessment |
GoBright stores User name, user email, room & desk bookings. The data is geograhically stored in Netherlands (the), Ireland, United Kingdom of Great Britain and Northern Ireland (the). This add-in allows users to access their GoBright account use it for meeting config. |
| Important Notes | Licensing Impact: Users will be required to have a valid GoBright account to sign-in and use.
Local Considerations: Local organisations are responsbile to procure required paid subscriptions to use GoBright. Organisation Wide Sharing: This custom add-in can be restricted to requested org. Clinical safety impact: GoBright does not introduce any clinical safety risk. |
Go To Meeting
| Description | GoToMeeting is a video conferencing provider, with an add-in for Microsoft Teams that allows users to start and join meetings. |
| Website | https://www.gotomeeting.com/en-gb |
| Data Residency / Privacy Information | https://www.logmeininc.com/legal/privacy |
| Application Support | Provided by GoToMeeting |
| Important Notes | Licensing: All users would require additional GoToMeeting licensing (outside of Office 365). There is a 14 day free trial.
Local Considerations: Local organisations should impact assess the network configuration and desktop application installation for the GoToMeetings Application. There is no installation required for the Teams add-in. |
I-L
Jamf Trust
| Description |
Jamf Trust is an application to be installed on end user devices to deploy services from the Jamf Security suite.
|
| Security Impact |
The addin requires the following delegated permissions:
OpenID – to sign users in
offline_access – Maintain access you have given access to
User.Read
GroupMember.Read.All – Gives app access to read the groups of which the signed in user is a member – not all groups in the org
|
| Data Protection Assessment |
This integration is purely for Jamf Trust to use the directory as an IdP
|
| Important Notes | Licensing Impact: No impact on O365 licensing. Licensing for the product itself outside of national licensing.
Data Privacy Assessment: Groups the user is a member of can be enumerated by the app and used to configure SSO with Jamf. Organisation Wide Sharing: No sharing. Clinical safety impact: None. Role Based Access / Tenant-in-tenant: This integration is for the ability to add mailboxes into Freshdesk and so multiple supported Enterprise app is just for OAUTH. Service Impact: None expected – support for Jamf would be provided by the vendor. Local Considerations: None. That would be the responsibliltiy of the central tenant team. 3rd Party Integration: No. |
Jira Service Management – Email Integration
| Description |
Jira Service Management – integration for Modern Auth.
|
| Security Impact |
It is to configure incoming email server with OAUTH via Jira Web App.
Consent Required: Yes
Permissions: Delegate
IMAP.AccessAsUser.All: Allows the app to have the same access to mailboxes as the signed-in user via IMAP protocol.
Mail.ReadWrite: Allows the app to create, read, update, and delete email in user mailboxes. Does not include permission to send mail.
Offline_access: Allows the app to see and update the data you gave it access to, even when users are not currently using the app. This does not give the app any additional permissions.
openid: Allows users to sign in to the app with their work or school accounts and allows the app to see basic user profile information.
|
| Data Protection Assessment | |
| Important Notes | Licensing Impact: Anyone with a nhs.net account can add add-in in their word and Excel documents, once the add-in is enabled.
Data Privacy Assessment: EU – Consists of AWS Frankfurt and Dublin regions
Organisation Wide Sharing: The add-in will be enabled tenant-wide for everyone. Clinical safety impact: Jira Service Management does not introduce any clinical safety risk. Service Impact: There is no service impact. Any queries around the add-in would be dealt by individual trust support. Local Considerations: The add-in works on Jira’s web app. 3rd Party Integration: Modern Auth / Mailbox. |
Kahoot App
| Description |
Kahoot app for Microsoft Teams enables Kahoot users to assign challenges and play live games to teach or present directly in the Teams client.
|
| Security Impact |
Admin Consent required: No
Teams App and PowerPoint App can be used without any consent. It provides an interface to access Kahoot via App and/or add-in.
|
| Data Protection Assessment | The app only provides the interface to use the Kahoot via Teams client and PowerPoint add-in. The service configuraion and accounts needs to be managed directly outside of the Teams. Its local org responsibility to setup the Kahoot. |
| Important Notes | Licensing Impact: Anyone with a nhs.net account can add app in their Teams client. However, their organisations will need a valid subscription to use Kahoot platform via Teams for any learning activity.
Data Privacy Assessment: The app only provides the interface to use the Kahoot via Teams client and PowerPoint add-in. The service configuraion and accounts needs to be managed directly outside of the Teams. Its local org responsibility to setup the Kahoot. Organisation Wide Sharing: The add-in will be enabled tenant-wide for everyone. Clinical safety impact: The Kahoot app does not introduce any clinical safety risk. Service Impact: There is no service impact. Any queries around the add-in would be dealt by individual trust support. Local Considerations: The app works with Teams App and PowerPoint web client. 3rd Party Integration: Teams and PowerPoint. |
Live Chat
| Description |
Live Chat allows you to talk with your website visitors right from Microsoft Teams. |
| Security Impact |
Permissions are fairly standard for a Teams and and are: Receive messages and data that I provide to it. |
| Data Privacy | https://www.socialintents.com/privacy.html |
| Important Notes | Licensing Impact: There is no impact to O365 licensing with this product.
The product does appear to require purchasing a subscription. Organisation Wide Sharing: The app does not appear to have any organisation wide sharing features. Clinical safety impact: The application is a general purpose productivity application and not designed specifically to process personal data. However, it is possible that end users would put such data into the application. 3rd Party Integration: None. |
M-P
MedxNote
| Description | Medxnote is a Robotic Clinical Assistant (RCA) platform that connects with existing Health Information Technology (HIT) systems and Microsoft Teams. It aims to link doctors and nurses to any clinical data at the point of care, to drive informed clinical decision making and to help clinicians discharge patients more efficiently.
Medxnote improves patient throughput by connecting Health Information Technology (HIT) systems with Microsoft Teams. The Medxnote platform is an open and extensible platform featuring HL7 FHIR integration and the ability to build a chatbot for a variety of clinical use cases. |
| Website | https://medxnote.com/ |
| Data Residency / Privacy Information | https://medxnote.com/privacy-policy/ |
| Application Support | Provided by Medxnote |
| Important Notes | Clinical Data usage in Teams: Medxnote integrates with organisations HIT systems and allows for the pushing of clinical data to user Teams accounts. It is important to note that integration with HIT/EHR systems would be the responsibility of the Trust and potential risks assessed appropriately.
Data Management: Specific use cases would need to be assessed for data privacy compliance. Medxnote asserts HIPAA, HL7 FHIR and GDPR compliance. The application pushes EHR data to Teams users through bots. This can be configured to push records based on criteria setup as part of individual use cases. These include the notification of results and pushing information on patients who present with specific criteria to certain doctors/users. The usage of EHRs in Teams must be assessed very carefully – links will be saved to channels which means access to those Teams must be carefully managed. Integration: Each organisation would need to configure integration with their on-premise systems if required and conduct appropriate testing. |
MedxPlanner
| Description | MedxPlanner v1.4.7 enables hospitals to integrate their clinical tasks with Microsoft Teams. Tasks that are created in the Electronic Medical Record (EMR) or the Electronic Patient Record (EPR) can be routed to the appropriate clinical team’s Tasks by Planner plan. The clinical team can configure MedxPlanner to allocate different tasks to different Planner buckets and create default assignments based on task titles. MedxPlanner integrates with Microsoft Shifts, allowing on-call clinicians to be notified of new tasks. MedxPlanner supports synchronization, allowing EPR tasks that are sent to Planner to updated back into the EMR/ EPR. |
| Website | https://appsource.microsoft.com/ |
| Data Residency / Privacy Information | https://medxnote.com/privacy-policy/ |
| Application Support | Provided by Medxnote |
| Important Notes | Licensing Impact: Anyone with a nhs.net account and a paid Medxplanner account can use, once the add-in is enable and consented for everyone.
Organisation Wide Sharing: The app will be enabled tenant-wide for everyone. However, the app requires to setup an account for integration with MedxPlanner. Most details will be required to cover multi-org scenario based on the below documentation: 3rd party integration: EPR/EMR connections with Planner Plan and Teams |
Mendeley Cite
| Description | Mendeley Cite add-in for Word, allow users to speed up the process of referencing in their document from their Mendeley library. To use Mendeley, users will be required to have a free registered account from Mendeley. |
| Website | https://pages.store.office.com |
| Data Residency / Privacy Information | https://www.elsevier.com/legal/privacy-policy |
| Application Support | Provided by Mendeley |
| Important Notes | Licensing: No additional Microsoft licensing. Licensing will be the responsibility of Trusts and users utilising the app.
3rd party integration: Integration with word documents. Clinical safety impact: The word documents with add-in might include the confidential data. |
Mentimeter – Teams App
| Description | Mentimeter is an interactive presentation platform that allows users to engage team with live Polling, Quizzes, Word Clouds, Q&A’s and more to capture real-time input in Team meetings. |
| Website | https://appsource.microsoft.com/ – to download the App |
| Data Residency / Privacy Information | https://www.mentimeter.com/privacy/ |
| Application Support | Provided by Mentimeter |
| Important Notes | Licensing Impact: Anyone with a nhs.net account and a paid Mentimter membeship account can use, once the add-in is enable and consented for everyone.
Organisation Wide Sharing: The app will be enabled tenant-wide for everyone. However, the app requires to setup an account for integration with Mentimeter. Team members or participants (incuding external users if any) in the Teams meetings can view and/or access the presentations. Local Considerations: Teams App – client and web. 3rd party integration: Integration with nhs.net Teams. |
Microsoft Dynamics
| Description | In Excel, the Microsoft Dynamics Office Add-in allows users to read, analyze, and edit data from Microsoft Dynamics systems and publish data changes back to Microsoft Dynamics OData services. In Word, the Microsoft Dynamics Office Add-in allows users to design document templates that can then be uploaded to Microsoft Dynamics. Users can then trigger document generation that injects Microsoft Dynamics data into those document templates to produce finished documents. |
| Website | https://appsource.microsoft.com/ |
| Data Residency / Privacy Information | https://privacy.microsoft.com/ |
| Application Support | Provided by Microsoft |
| Important Notes | Licensing Impact: Anyone with a nhs.net account can add add-in in their excel and work document, once the add-in is enable and consent for everyone. However, users will be required to have Microsoft Dynamics server details to connect to the service.
Organisation Wide Sharing: The add-in will be enabled tenant-wide for everyone. There are no changes to default sharing behavior. Local Considerations: The add-in works in: Excel 2013 or later on Windows, Excel 2013 SP1 or later on Windows, Excel on Windows (Microsoft 365), Excel on the web, Word 2013 or later on Windows, Word 2013 SP1 or later on Windows, Word on Windows (Microsoft 365). 3rd party integration: Microsoft Dynamics – Office Apps (Excel and Word) |
MindMeister (Teams App)
| Description | MindMeister is a professional mind mapping software that can help to improve communication and foster a creative culture of innovation. |
| Website | https://www.meisterlabs.com |
| Data Residency / Privacy Information | https://www.meisterlabs.com/privacy
Subscription or Registration via Office 365 You can sign up for our service with your Office 365 account. You are forwarded by a link to the Office 365 website from Microsoft (Microsoft Corporation One Microsoft Way Redmond, WA 98052-6399, USA), where you can log in with your Office 365 login credentials. 1. Scope of processing of personal data When you sign in using your Office 365 account, your Office 365 profile will be linked to our service. Please note that we have no influence on the processing of data by Microsoft. Please note that you may need to log out of your Office 365 account after the transfer process. We receive the following information from Microsoft: Name, surname, email address The only information that we use from Microsoft is the following: Name, surname, email address This information is mandatory for the login to be able to identify the user. For more information about Office 365, please see Microsoft Privacy Policy and Microsoft Services Agreement. 2. Legal basis for processing personal data The legal basis for processing personal data in the subscription or registration process can be found in article 6, section 1, item f) of the GDPR. 3. Purpose of processing personal data Login via Office 365 is used to make your login to our product as convenient as possible. 4. Duration of storage Data provided to us from Microsoft is deleted as soon as the purposes it has been collected for have been fulfilled. If data is stored in log files, data will be deleted no more than 14 days after the website or service is accessed. It is possible that data will be stored for a longer period. In this case, the user’s IP address is deleted or distorted, to ensure that the customer accessing the site can no longer be identified. 5. Revocation and deletion Users have the possibility to cancel the registration at any time. You can change or delete the data stored about you at any time. https://www.mindmeister.com/security Hosting: The MindMeister servers are located in an ISO-certified data center in Frankfurt, Germany. User Security: When you create maps on MindMeister, they’re private by default. You can make them public or share them if you choose. The mind map receives permissions assigned in the database. Likewise, any file you attach to a map inherits the same rights as the corresponding map. You can share maps with other people or even the entire internet. You may revoke permissions or revert your map to private at any time. You may restrict invitations, allowing only members of your licensed team or users from a specified email domain access to your project(s). |
| Application Support | Provided by MindMeister |
| Important Notes | Security Impact:
There is no risk of data to being exposed out of nhs.net tenant this add-in provides an option to access MindMeister account via Teams App.
Licensing Impact: Anyone with a nhs.net account can add/use MindMeister. A valid paid account will be required to use the service. Organisation Wide Sharing: The app will be enabled tenant-wide for everyone. Local Considerations: The add-in works with Teams App 3rd party integration: Microsoft Teams |
Mini Calendar and Date Picker
| Description | Mini Calendar and Date Picker is an add-on for Excel. Add a mini monthly calendar to your spreadsheet and use it to insert dates or the current time.
This add-in just provides an option to create a mini calendar and date picker in the excel document. No Admin Consent required When this add-in is used, it |
| Website | https://appsource.microsoft.com |
| Data Residency / Privacy Information | https://privacy.microsoft.com/en-us/privacystatement |
| Application Support | The add-in works for Excel Web and desktop clients. Any queries around the add-in would be dealt by individual trust support. |
| Important Notes | Licensing Impact: Anyone with a nhs.net account can add add-in in their word and Excel documents, once the add-in is enabled.
Organisation Wide Sharing: The add-in will be enabled tenant-wide for everyone. 3rd party integration: Office Apps / Excel |
Miro
| Description | Miro is a third party application for creating whiteboards with digital sticky notes for planning and management of Agile workloads. |
| Website | https://miro.com/ |
| Data Residency / Privacy Information | https://miro.com/legal/privacy-policy/ |
| Application Support | Provided by Miro |
| Important Notes | Licensing: A free edition of Miro is available but is very limited. There are a number of plans that come with a cost – these start from $8 per user per month but the Enterprise Plan is a custom model. All plans above a free plan allow anonymous guest editing to be enabled which allows users to invite anybody to view the board and edit.
Organisation-wide Sharing: Default sharing within the application allows users to share content with any individual. The Enterprise Plan allows Miro admins to restrict access to particular domains but other plans cannot be restricted in a similar way. Boards can be restricted to particular individuals but this is down to the manager of the board and cannot be set Miro wide. Training: The Teams add-in requires users to connect to Miro using a bot framework which may not be immediately obvious, so local direction or training may need to be made available. |
Mitel Assistant
| Description | The Mitel Assistant simplifies placing calls with a Mitel call manager using the Mitel desk or softphone as the telephony endpoint. Mitel call managers feature advanced telephony for an seamless user experience. With the Mitel Assistant, Microsoft Teams users will have access to all the call functionality and features. Mitel Assistant is not supported on tablets. To use the dialing feature, users must be a current Mitel customer. |
| Website | https://appsource.microsoft.com/ |
| Data Residency / Privacy Information | https://www.mitel.com/en-ca/legal/mitel-application-privacy-policy/ |
| Application Support | Provided by Mitel |
| Important Notes | Licensing Impact: Anyone with a nhs.net account can use Mitel in their Teams client. However, they will need a valid Mitel account for telephony features.
Organisation Wide Sharing: The add-in will be enabled tenant-wide for everyone. However, each user will need a Mitel account to use it. Local Considerations: The add-in works in the Teams client. |
Mural
| Description | Mural is a digital workspace for visual collaboration which provides visual sharing on a flexible web and mobile play space. The application allows users to drag and drop sticky notes, images, links, and documents on a shared canvas. Mural can integrate with Microsoft Teams through custom tabs, notification bots, and a messaging extension. |
| Website | https://www.mural.co/ |
| Data Residency / Privacy Information | https://www.mural.co/terms/privacy-policy |
| Application Support | Provided by Mural |
| Important Notes | Licensing: All users require additional Mural licensing. There is a 30 day free trial.
Permissions: The users for Rooms and Murals are Owner and Members. Permissions for Members include Viewer, Editor and Facilitator. 3rd party integration: As a 3rd party app, Mural requires connections with external data sources. Mural integrates with Slack, Jira, and GitHub as well as with Teams. Data sharing: Sharing is managed by owners and will need to be carefully managed to ensure data is not inadvertently disclosed. |
My Analytics
| Description | My Analytics is an option part of many M365 Licenses. The service aggregates activity data based of information within Exchange, Teams and optionally Windows 10. It gives users individual insights into the time spent on various activities and metrics to track changes in their behaviour with the aim of promoting productivity as well as rest. |
| Service Impact | This is a standard part of O365 licenses and as the items are purely insights for the individual the impact on service desk should be minimal as impacts will be to individual users and not business critical. As this is a service within O365 there should be minimal updates to monitoring and also support models Availability to assign this license within the portal will need to be developed. |
| Important Notes | Licensing: This is part of the E3 license – it is also included in the widely used E1 and E5 licenses. It is not included as part of th F1 license however. This should be enabled on a per trust basis as they move to Exchange Online.
Organisation-wide Sharing: Insights from My Analytics are only shared with the end user. Training: The Teams add-in requires users to connect to Miro using a bot framework which may not be immediately obvious, so local direction or training may need to be made available. |
NearPod
| Description | Nearpod is a productivity and student engagement tool to facilitate education and teaching – with features supporting the user to make lessons more interactive. Teams integration allows the sharing of Nearpod lessons through Microsoft Teams. |
| Website | https://nearpod.com |
| Data Residency / Privacy Information | https://nearpod.zendesk.com/hc/en-us/articles/360049188592 |
| Application Support | Application support should be provided by Nearpod directly |
| Important Notes | Licensing: To use the application, a license will need to be purchased directly from Nearpod.
Organisation wide Sharing: There does not appear to be any features which would allow organisation wide sharing. |
OX.Waiting Room (OX.DH)
| Description | The OX. Waiting Room is an azure native cloud solution build on the Microsoft Dataverse, which connects clinicians, patients, and data via a Microsoft Teams plugin. The app is hosted on the OX.DH tenant. |
| Website | https://appsource.microsoft.com/ |
| Data Residency / Privacy Information | https://oxdhblob.blob.core.windows.net/oxdh/privacy |
| Application Support | Provided by OX.DH |
| Important Notes | Licensing Impact: The Ox.wr can only be used with Microsoft Teams. NHSmail organisations / users will be required to use OX.wr will be required to have Individual Data Protection Impact Assessment (DPIAs) with OX.DH..
Organisation Wide Sharing: The OX.wr will be deployed at the tenant level for all Microsoft Teams users. Users will be required to have a registered account to use the service. Local Considerations: The Ox.wr can only be used with Microsoft Teams. NHSmail organisations / users will be required to use OX.wr will be required to have Individual Data Protection Impact Assessment (DPIAs) with OX.DH. 3rd party integration: Microsoft Teams |
People Graph
| Description | Microsoft People Graph is an add-in that can be used by users to show their data in a vivid way by transforming into the charts. The app provides: • 3 chart types, • 7 themes for each type and • 16 shapes |
| Website | https://appsource.microsoft.com/ |
| Data Residency / Privacy Information | https://peoplegraph.firstpartyapps.oaspapps.com/peoplegraph/privacystatement |
| Application Support | Provided by Microsoft |
| Important Notes | Licensing Impact: Anyone with a nhs.net account can add add-in in their excel document, once the add-in is enable and consent for everyone.
Organisation Wide Sharing: The add-in will be enabled tenant-wide for everyone. Local Considerations: The add-in works in Excel 2013 or later on Mac, Excel 2013 or later on Windows, Excel on the web. |
Perfect Wiki
| Description | Perfect Wiki is a detail-oriented knowledge database that allow users to store and edit their SOPs, user guides, HR practices, onboarding flows, and more from Microsoft Teams channels. |
| Website | https://perfectwikiforteams.com |
| Data Residency / Privacy Information |
All user content is encrypted in transit using TLS 1.2+ with perfect forward secrecy. Servers holding user data will use full disk, industry-standard AES 256 encryption.
We’re committed to compliance with the EU General Data Protection Regulation (GDPR) and have implemented a wide range of technical and organisational measures.
Automatic everyday encrypted database backups that are stored for up to 60 days.
Export all your data at any time in html format, even if your subscription is terminated.
Which hosting cloud providers does the app use? GCP
Does the app or underlying infrastructure process any data relating to a Microsoft customer or their device?
No
Does the app or underlying infrastructure store any Microsoft customer data?
No
|
| Application Support | https://perfectwikiforteams.com/security/ |
| Important Notes | Licensing Impact: Anyone with a nhs.net account can add app in their Teams client. However, their organisations will need a valid subscription to use Perfect Wiki platform via Teams.
Organisation Wide Sharing: The App will be enabled tenant-wide for everyone. Local Considerations: The app works with Teams App. 3rd party integration: Microsoft Teams |
Power Automate with Attended and unattended RPA
| Description | Power Automate offers Desktop flows with both attended and unattended RPA (Robotic Process Automation). This means you can record and playback actions with or without human interaction (attended and unattended, respectively). RPA capabilities are licensed as part of two Power Automate offers that provide the flexibility to address a range of attended and unattended scenarios. UI flow authoring and bot orchestration and management are included in both offers. Power Automate per user with attended and/or unattended RPA plan spans legacy and modern applications, allowing individual users to create unlimited flows for API-based automation plus automate legacy applications with desktop flows through RPA and AI (Artificial Intelligence). This plan builds on the Power Automate per user plan with the ability for users to run an attended RPA bot on their workstation. Throughout the document the Power Automate with RPA flows are referred to as Desktop flows (current MS terminology) /UI flows (previous MS terminology)/RPA. |
| More Information | https://support.nhs.net/knowledge-base/power-platform-licence-guidance/ |
| Data Protection Assessment
Updated on 06/11/2024
Need Support?Contact Support
 |