Overview
Multi-Factor Authentication (MFA) provides an additional layer of security to your NHSmail account when signing in to NHSmail via a web browser. MFA will automatically be enabled if your account is marked as compromised. For security reasons, once it has been enabled in this way, it can never be permanently disabled.
In the case where a user needs temporary access to their account without authentication, administrators will have the ability to trigger the “Disable Azure MFA for 48 hours” feature. This may be useful in the following scenarios:
- A user is awaiting the delivery of a FIDO token from their organisation or needs to go into the office to collect their token
- A user is finalising which authentication process is more appropriate for them
- A user in a high-profile role needs immediate access to their emails
How to Disable MFA for 48 hours
1. After an account is marked as compromised for the first time, a new ‘Disable Azure MFA for 48 hours’ button will appear. While the account is compromised, this feature cannot be used by any administrators.
2. Once an account has been remediated, as an administrator, click on the ‘Disable Azure MFA for 48 hours’ button to trigger the process.
3. The following success notification will be displayed to notify that MFA has been disabled for the 48-hour period.
4. During this 48-hour period, MFA will be disabled. At the end of the 48 hours, MFA will be re-enabled on the account. The user will be able to continue logging into NHSmail with the same MFA credentials as before.
Links:
| Last Reviewed Date | 12/08/2022 |
