Please note this information is correct at the time of publishing
Intune Windows 10/11 Tracks – new deployment options
Three options are now available to onboard Windows 10/11 devices to NHSmail Intune depending on the organisation’s requirement for access to on-premises resources. For information on the different tracks please visit Windows tracks overview on the NHSmail support site.
The three options for Windows 10/11 devices are:
NHSmail Intune is a corporate Mobile Device Management (MDM) service that is integrated with existing NHSmail capabilities and natively supports the multi-organisational nature of NHSmail. NHSmail Intune provides centralised MDM capability and allows organisations to maintain a high degree of oversight and local autonomy over their Android, iOS/iPadOS, Windows 10/11 and HoloLens 2 devices using Role Based Access Controls (RBAC).
For more information on NHSmail Intune visit the Intune service overview on the NHSmail support site.
Egress Outlook add-in for NHSmail
The latest version of Egress Outlook add in for NHSmail is now available.
You can now send large files (above 35MB) to external non-NHSmail addresses, or other addresses with this add-in installed.
Information on how to download and install the add-in is available on the NHSmail support pages- NHSmail Egress Outlook add-in and Encryption Guide for NHSmail.
Help and further guidance
| Help | Contact | |||
| Support for encrypted emails and Egress | Egress support desk: 0844 800 0172 Egress Encryption Tutorial Videos – NHSmail Support |
|||
| Recipients of NHSmail encrypted emails who require help with registration | Refer to: Accessing encrypted emails for non-NHSmail users Egress support desk: 0844 800 0172 | |||
| Other NHSmail queries | NHSmail helpdesk: 0333 200 1133 | |||
Internet Explorer 11 (IE11) retirement and disabling of the desktop app in Windows 10
From 15 June 2022 Internet Explorer 11(IE11) desktop application will retire for certain versions of Windows 10.
The IE11 desktop application will be redirected to Microsoft Edge.
Additionally, the IE11 desktop application will be permanently disabled as part of a Windows Cumulative Update.
To find out further details about the Internet Explorer 11 retirement, please visit Internet Explorer 11 desktop app retirement FAQ – Microsoft Tech Community and the NHSmail support site Internet Explorer 11 (IE11) retirement and disabling of the desktop app in Windows 10 – NHSmail Support.
Transport Layer Security (TLS) deprecation reminder 30 June 2022
On 30 June 2022, Microsoft will remove the connectivity for TLS 1.0 and 1.1 in NHSmail Active Directory Federated Services (ADFS).
NHSmail ADFS is used to authenticate to NHSmail when logging on and used by many applications for single sign on. The applications or clients that communicate with or authenticate against NHSmail ADFS may not work as expected or at all if they cannot use TLS 1.2 to communicate.
Organisations should conduct a review of its TLS usage and upgrade to TLS 1.2 or 1.3 to avoid any service disruptions.
Further information can be found in Transport Layer Security (TLS) Deprecation Guidance on the support site.
Enforced Multi Factor Authentication (MFA) for compromised accounts
The NHSmail team frequently review the security posture and security level of the platform.
Compromised accounts are a big threat to any organisation so to further protect the NHSmail platform from this threat, MFA will be enforced to every NHSmail account that is compromised. This change will come into effect with a Portal release expected week commencing 27 June 2022.
Further information can be found on Announcements section of the NHSmail support site.
Acceptable Use Policy (AUP) update
An update to the Acceptable Use Policy (AUP) is planned to take place late Q2 2022.
The current AUP prevents users from sending emails via Outlook/OWA and hides the navigation menu in the NHSmail Portal on accounts who have not accepted the AUP. The policy also restricts Local Administrators permitted actions to user accounts.
The planned update will block users who have not accepted the AUP from accessing all Microsoft 365 applications (including non-Microsoft 365 applications registered against Azure Active Directory), where end users will be presented with an error message. Access will be granted once the AUP has been accepted.
Important action required from Local Administrators
Local Administrators are required to communicate the planned update to end users in their organisation who have not accepted the AUP and proactively manage these users. The NHSmail Portal ‘mailbox report’ shows whether users have accepted the AUP, (column Z (AUPStatus) will show TRUE or FALSE).
An AUP communication template has been added to the broadcast and bulletins files section of the LA Collaboration Team for local use.
Further detailed guidance referring to this change and LA actions required are found on the NHSmail Acceptable Use Policy support site article.
NHSmail Data Sensitivity Labels
As part of several enhancements identified to improve the NHSmail platform, the deployment of sensitivity labels provides improvements around the classification and protection of content across the NHSmail shared tenant.
Sensitivity labels are a Microsoft Information Protection (MIP) component deployed as a cloud-based solution that enables the classification and protection of content through the application of predefined configurations.
The NHSmail Data Sensitivity Labels have been designed using the NHSx Records Management Code of Practice as a central guidance and considerations have been taken to balance Information Governance terminology with the expected variety of use cases across the NHSmail shared tenant. The NHSmail Data Sensitivity Labels comprise of 4 parent labels:
-
- General
- Corporate
- Official
- Official Sensitive
The NHSmail Global Sensitivity Labels can be enabled to organisations through an opt-in approach at ODS group level. This means that organisations interested in using sensitivity labels as part of their Security and Information Governance strategy must submit a Service Request via the Helpdesk Self-Service.
Prior to submitting the Service Request, Local Administrators must ensure that they have read all Sensitivity Labels guidance available in the NHSmail support site and that they are aware of the following information:
-
- Requirements that must be completed so that sensitivity labels can be used by end users
- Current known limitations of the service
- Impacts, use cases and recommendation
- Local Administrator’s responsibility to communicate this change to all end users in the organisation at ODS group level
Legacy Protocols on Primary and Local Administrator accounts (PLA/LAs) – POP, IMAP and SMTP
We have previously communicated to individual Primary/Local Adm
inistrators regarding the use of POP, IMAP and SMTP protocols. To ensure the continued security of the NHSmail platform, we require these legacy protocols to be disabled on your individual Prim ary/Local Administrator account account
If no action is taken to disable these, NHSmail will undertake this centrally and disable POP, IMAP and SMTP on those accounts Monday 30 May 2022.
We will communicate out once again to those affected, advising of this action.
For more information on disabling these protocols, please visit the Enabling and disabling POP IMAP SMTP on the NHSmail support site
Free Microsoft exams and Azure Security courses
NHSD have partnered with Microsoft to discount all Azure and Security courses and exams, so they are free of charge for NHS staff.
For further information on how to book on a course, prepare for an exam and earn the certificates you want, please visit Microsoft partners with the NHS to support your skills journey – NHSmail Support on the NHSmail support page.
Best wishes,
NHSmail Team
NHSmail is provided by NHS Digital
in partnership with Accenture
| Last Reviewed Date | 27/05/2022 |
