Register your interest by completing the Intune Registration Form. The Intune team will then contact you to discuss a date to onboard. Prior to onboarding, you’ll just need to provide some basic details via the Onboarding Request Form. We’ll then be able to technically onboard your organisation and you can start enrolling devices.

Most NHSmail organisations are eligible to join the NHSmail Intune Service. Currently, organisations that are managed by the National Administration Service (NAS) are unable to use the service.

The technical onboarding of organisations only takes a few hours. Once this has completed, we’ll confirm this and you can then begin enrolling devices.

To complete the Onboarding Request Form, you will need your organisation’s ODS Code, the nhs.net email addresses of all LAs who will need RBAC permissions, and the estimated number of users expected to use Intune-enrolled devices at your organisation.

Yes. Multi-organisations (those managing the devices of other organisations / having their devices managed by other organisations) can use NHSmail Intune.

For further details please see this article: https://support.nhs.net/knowledge-base/multi-organisation-management/

Yes, we can offer an introductory call to you as part of the onboarding process to provide an overview of the service and allow you to ask any specific questions.

No. Onboarding to use the platform does not commit your organisation to enrol a certain number of devices or to use it as your main MDM.

If you are a Local Administrator for your organisation and have been provided with RBAC permissions for NHSmail Intune, you should be able to access the Intune Portal to begin configuring your organisation’s environment and enrolling devices by following this link: https://endpoint.microsoft.com/

EMS E3 and AADP2 licences are required and will need to be assigned to all LAs and end users who will be using an Intune-enrolled device. These licences are available to most NHS organisation under the new licensing agreement with Microsoft and are included in the National License. Add link

All users using shared Windows 10/11 devices will need an EMS E3 and AADP2 licence assigned to them under the National License.

Users using shared iOS and Android devices do not need an EMS E3 and AADP2 licence assigned to them.

Yes, this link will need to have been successfully completed before you will be able to enrol any iOS devices into NHSmail Intune.

To connect ABM to NHSmail Intune, organisations will need a device enrolment token from the Apple portal. This token lets Intune sync information for your Apple devices and permits Intune to upload enrolment profiles to Apple. A step-by-step guide to linking your ABM is included in the Operations Guide, although LAs are encouraged to raise a Service Request via Helpdesk Self-Service in order for the Intune Live Service team to support with this.

Yes. While you will need to link your ABM into NHSmail Intune when you are onboarding, this does not mean you need to unlink another MDM solution. This should make it easier for organisations to transition onto the NHSmail Intune Service, without leaving any devices unmanaged.

Any iOS/iPadOS, Android, Windows 10/11 (including Surface Hubs) or HoloLens 2 corporate devices can be enrolled. MacOS is also supported.

There is no limit to the number of devices which can be managed via the NHSmail Intune Service.

Yes. You will just need to remove all devices you intend to onboard onto the NHSmail Intune Service from any previous MDM solution/s.

This is not usually possible, but it may depend on the MDM solution you were using previously. If you have previously used Microsoft Intune, you may be able to export and import policies and profiles, otherwise you will need to manually move policies.

Yes. When your organisation is onboarded, we will ask for an initial list of Local Admins to provide permissions to. If you need to add or remove individuals from this list, please raise a Service Request with the Intune Live Service Team via Helpdesk Self-Service.

NHSmail Intune provides three different RBAC roles.

1. Administrator role

2. First-line RBAC role

3. Read-only RBAC role

For further details on these roles please see the NHSmail Intune Operations Guide.

No. LAs are not able to manage groups of users and devices via the Intune portal. Local Admins will need to use the NHSmail Intune Security Group Management app to manage groups of users and devices in Intune.

Need to use new nhs functions in portal for users. Win10 devices – still use group management power app. Mobile devise groups require a service request.

Local Admins from onboarded organisations can access the Group Management Application by following this link: https://make.powerapps.com/environments/762c3051-5c30-48ed-adde-537f357687dd/apps

Guidance on how to use and manage Groups via this application can be found in the NHSmail Intune Operations Guide.

All supporting documentation created to support onboarded organisations to smoothly transition onto the service can be found here.

In the first instance, LAs should refer to the Operations Guide for Local Administrators and Onboarding Managers to try to troubleshoot any technical issues. If support is still required, then LAs should submit an incident to the Intune Live Service Team via Helpdesk Self-Service.

Onboarded organisations can use the NHSmail Intune Teams channel to understand more about the experience of others on the platform. Onboarded organisations can also reach out for support directly from the Microsoft FastTrack Team. Further details available in this article: https://support.nhs.net/knowledge-base/microsoft-fasttrack-support/

No, the Intune Live Service Team and Microsoft FastTrack Team can remotely support with any technical issues and/or understanding more about NHSmail Intune but all on-site deployment activities are the responsibility of organisations.

Yes. For further details please see this article: https://support.nhs.net/knowledge-base/nhsmail-intune-service-co-management-and-certificate-provisioning/

Yes. Samsung Knox can be used. For further details, please see this article: https://support.nhs.net/knowledge-base/nhsmail-intune-service-samsung-knox-mobile-enrolment-kme/

Yes Google Zero Touch is supported. For further details please see this article.

Yes. There are 3 ways to manage Windows 10/11 devices on NHSmail Intune. For further details, please see this section: https://support.nhs.net/article-categories/windows-10-11/

Yes. The Intune Live Service Team will be able to support your organisation with understanding and progressing through the prerequisites. If you would like to request support, please contact the Intune Live Service Team or leave a message on the Intune Teams Channel.