Please note this information is correct at the time of publishing
Local Administrator (LA) bulletin – 05 November 2021
Intune update and technical overview
Please see the link below for the recording of the NHSmail Intune Webinar held on 28 October 2021. The webinar provides an update on the delivery status of the project, outlining of the onboarding journey and explains more about the technical solution.
A Frequently Asked Questions (FAQs) document providing answers to questions asked by attendees to this webinar will be published on the NHSmail support site shortly.
FIDO2 Multi-Factor Authentication (MFA) option coming soon
FIDO2 will soon be available as an additional option for Multi-Factor Authentication (MFA) to NHSmail users with a go-live date set for early November 2021. FIDO2 authentication enables password-only logins to be replaced with secure and fast login experiences to authenticate across websites and applications in both mobile and desktop environments.
Benefits include greater security as password-only logins are replaced with strong MFA using a hardware authenticator and staff do not need to remember another password to securely login to common systems and applications. FIDO2 supports open authentication standards and offer users more choice by providing an additional option for MFA.
Local Administrators (LAs) and staff will be able to register FIDO2 security tokens and make changes using Helpdesk Self-Service (HSS) via the NHSmail portal.
It is a local organisation level decision if you wish to roll out FIDO2 to your users.
Automated all user security group functionality coming soon
All user automated security groups are now available for all organisations. You will be able to use these security groups to manage access to SharePoint sites and Microsoft Teams as well as share Power Apps. Updates to the groups are automatic including Joiners, Movers and Leavers so there will not be any action required to manage the groups.
Please visit the guidance on the NHSmail support site for further information.
Retirement of legacy hostnames – new date 09 November 2021
Please note, the retirement of legacy hostnames planned earlier this week has been rescheduled 09 November 2021.
The hostnames being retired are:
In advance of the change, you must update your applications / accounts to use outlook.office365.com for POP & IMAP protocols moving forward.
For further support it is recommended that you contact your Local Administrator (LA) for troubleshooting assistance in the first instance.
New app stores expansion and request process
From 08 November, application enablement requests are being automated. Requests for new apps to be enabled on the NHSmail shared tenant will can be raised via a request on Helpdesk Self Service (HSS).
We are expanding the range of stores you will be able to request apps from to include the O365 App Store (App Source), the SharePoint App Store, including custom SPFX and third-party apps, and Global Term Group and Term management requests from the Global Terms Store.
Further guidance on the app request process, how to access stores and apps, and how to manage metadata (Terms) will be published on the NHSmail support pages shortly.
Please note all app requests are subject to review by the Technical Design Authority (TDA) to determine if they are suitable for integration onto the NHSmail shared tenant.
Following feedback from Local Administrators (LAs) and NHSmail users, password reminders will now be personalised, following the Wellington portal release. The new format will be Dear <firstname>. We are also taking the opportunity to remove hyperlinks, adhering to best practice.
A further enhancement will be to include all LAs in password reminders that are sent to application accounts, this is to ensure where application accounts are not monitored sufficiently, a potential service impact can be mitigated.
Where application accounts are not marked as such and are used as if they are a standard user account, LAs will not receive a reminder. The reminder will go to the mailbox as if it were a standard user account. There will be an unusual naming convention that will appear on the reminder, depending on the user mailbox name.
For example, a user mailbox such as firstname.lastname@example.org that is not marked as an application account will receive reminder communications titled “Dear Qwerty”.
There is no specific action you need to take though you may wish to update your user base.
NHSmail is provided by NHS Digital
in partnership with Accenture