Please note this information is correct at the time of publishing.
Local Administrator (LA) bulletin – 09 May 2023
Dear Primary / Local Administrator,
Accessing NHSmail services from outside of the United Kingdom
We recently announced if users wish to access their account from outside of the United Kingdom (UK) and do not have a secure mechanism for connecting to NHSmail services, their access will be blocked.
We suggested that users should have a secure mechanism in place prior to leaving the UK but we did allow users to enrol for Multi Factor Authentication (MFA) themselves whilst they were outside the UK.
We are refining this process and will no longer be allowing users to self-enrol for MFA whilst they are abroad, this will need to be actioned prior to leaving the UK.
There may be use cases where this is not practical so there will be a process for LAs to disable this block and allow self-enrol outside of the UK for a 48- hour period, this process will be via helpdesk self-service initially.
Further details will be added to the https://support.nhs.net/announcements/ ahead of this being enforced.
Microsoft Teams Rooms device licensing reminder
Communications will be sent to LAs reminding them to purchase the appropriate Teams Rooms licences to ensure that their Microsoft Teams Rooms devices continue working beyond 1 July 2023.
After this date Microsoft will remove support for the current E3R national licence being utilised.
These communications will only be sent to LAs of affected organisations.
Basic Authentication Deprecation
This is a reminder that basic authentication is being deprecated on the NHSmail shared tenant in line with Microsoft policy and is being replaced by modern authentication to make the service more secure.
As part of Phase 1 the following protocols were deprecated 27 April 2023:
- Exchange ActiveSync (EAS)
- Remote Procedure Call (RPC)
Remote Power Shell (RPS), Exchange Web Services (EWS), Post Office Protocol (POP) and Internet Messaging Access Protocol (IMAP) will also be deprecated 25 May 2023.
To learn more please visit the NHSmail support pages about Basic Authentication Deprecation.
Disabling Simple Mail Transfer Protocol (SMTP) on user accounts
Over the coming weeks, we will be communicating to users who have actively used SMTP on their NHSmail user accounts to inform them that this protocol will be disabled, following this user engagement we will also be contacting LAs with additional information. We will start the project by automatically removing SMTP from accounts that have not used the protocol in the last 30 days.
If continued use of SMTP is required, the user account should be converted into an application account.
Please note if a user mailbox needs to be converted into an application account, it must be appropriately named to indicate it is being used for sending a high volume of email, for example ‘email@example.com. This may mean you will need to create a new appropriately named account as an account belonging to a named individual cannot be an application account.
For more information on converting a user account to an application account, please visit the NHSmail Support site on Application Account Requests.
Multi-Factor Authentication (MFA) policy document publication
The Multi-Factor Authentication (MFA) policy document is now published on the NHSmail support pages here – NHSmail MFA Policy – NHSmail Support.
The policy document provides key information to organisations on the approach being deployed by NHSmail for the adoption of MFA for all users across the NHSmail platform from 3 July 2023, with full implementation expected to be finished by the end of March 2024. This guidance is aimed primarily at NHSmail Local Administrators (LAs) and those teams managing the roll out of MFA to their organisation and will be updated iteratively as planned activity is delivered across the platform.
NHSmail Primary Care GP Telephony provision
During winter pressures our colleagues within Primary Care funded Microsoft Teams telephony functionality for outbound calling.
This functionality expired on 30 April 2023 and is now following a 30-day grace period, with all access and provision from both Microsoft and NHSmail to stop by May 31 2023.
If organisations and practices are looking to continue using the functionality this will need to be procured and funded locally via your existing Microsoft Enterprise Subscription Agreement (ESA) or directly within NHSmail for those organisations who may not have an ESA NHSmail licence top ups for Non-Enterprise Agreement organisations – NHSmail Support.
Should organisations wish to discuss this more or obtain usage information for their practices to help inform their decisions, please contact firstname.lastname@example.org.
NHSmail O365 Townhalls
The NHSmail O365 townhalls are held monthly for collaboration software licensing nominated contacts within your organisation. The recordings are available on the NHSmail support site.
OneNote to Block Embedded Files that Have Dangerous Extensions
OneNote is making an important change to how it treats embedded files that have dangerous extensions. Previously, OneNote would show users a warning dialog when users tried to open an embedded file with a dangerous extension; users could open the file by choosing OK in the dialog.
With this update, OneNote will show users a dialog that will let them know that their administrator has blocked them from opening the embedded file that has a dangerous extension, to also align with the same extensions that Outlook, Word, Excel and PowerPoint currently block. For a list of extensions, please visit Blocked attachments in Outlook.
When will this happen:
This change will begin rolling out in Version 2304 in Current Channel (Preview) in late April 2023 and is expected to be complete by late May 2023.
For more information about the release schedule, see OneNote will block embedded files that have dangerous extensions.
How this will affect your organisation:
This change only affects OneNote for Microsoft 365 on devices running Windows.
The change does not affect OneNote on a Mac, OneNote on Android or iOS devices, OneNote on the web, or OneNote for Windows 10.
What you need to do to prepare:
You should make users and your support organisation aware of this upcoming change and update any relevant training documentation.
You can also use a Group Policy setting to block additional extensions that you deem to be dangerous.
For more information, see OneNote will block embedded files that have dangerous extensions and Additional Information available on Microsoft website.
NHSmail Teams Phone System
Organisations can now request an onboarding slot for the NHSmail Teams Phone System, on a first come first served basis. We are excited to provide this new functionality to the platform but please be aware that organisations will be required to purchase licenses depending on their connection option (i.e., calling plans or direct routing).
To access guidance, including how to request an onboarding slot and view the Phone System Launch and Deep Dive Webinar, please see the NHSmail support site.
Self-service password reset update
NHSmail is introducing an enhanced self-service password reset function that will enable users to reset their passwords 24/7 without the need to contact their local IT or NHSmail helpdesks.
Competing platform priorities have impacted delivery timelines for this functionality, this has now been rescheduled for Summer 2023.
The NHSmail team