Local Administrator Webinars

General updates:

• Basic Authentication presentation covers how users can register their applications to use OAuth 2.0; how users can configure their applications depends on the software they are using.
• Brief Service management updates: Multi-factor Authentication abroad update,
• A reminder that the Teams Rooms Licencing expiration date is July 1^st
• A reminder about the GP telephony deadline expired on 30 April 2023 and is now following a 30-day grace period
• Bulletins and communications – NHSmail Support – latest bulletin can be found here
• Latest LA bulletin is available on NHSmail support pages

Technical Architects updates:

• Roadmap now includes MDE changes and updated application approved/rejected
• Basic Auth deprecation updates for EAS/RPC
• GP Phone System decommissioning
• Security Groups work has begun; delivery is planned in 3-4 months.
• Self Service Password Reset – status – work in progress

Other information:

We will establish a page for events that are taking on in the NHSmail team. Various Deep Dive sessions are available on the NHSmail support pages and are listed below.

• Intune,
• Phone System Deep Dive
• Conditional Access Deep Dive for Bring Your Own Device
• Planning TanSync Deep Dive for June/July

Infrastructure Upgrade 21-23 April

Information – Planned Infrastructure Upgrade (NHSmail Datacentre) – Postponed – NHSmail Support

Updated note: this upgrade has since been postponed and new notifications will be added to the Announcements section of the NHSmail support site closer to the new dates.

Guidance regarding the relay config – https://support.nhs.net/knowledge-base/relay-configuration/

VN121B Release – 13 April 2023

The VN121B release was successfully deliver last week.

This release included a fix for the Multifactor Authentication (MFA) disablement bug mentioned on the previous session and after a period of monitoring post-release we can confirm that fix included in the release has resolved this issue.

The release also included a fix for the MFA status report issue we saw around the report timing out and not running for organisations. We have also been monitoring this since the release last week and can confirm that the timeout issue is resolved. We are aware that there are one or two tickets from organisations about this report, but these do not appear to be related to the timeout issue that the release fix was targeting and are being picked up separately

Portal Issue / Microsoft Global (SMB) Issue / Email Send Issue
We’ve had 3 key issues this week affecting the service, all of which are now fully resolved.

Further details on each can be found on the announcement links below:

• Portal Slowness:INC35358395 – Portal Slowness – RESOLVED – NHSmail Support
• Microsoft Global Issue (NHSmail impacts):
  INC35398047 – Shared Mailbox Access Issue – RESOLVED – NHSmail Support
• Intermittent email send issue to Microsoft email addresses:
  7016347354 – Issues Sending Mail to Microsoft Email Addresses – RESOLVED – NHSmail Support

Public vs Private

Reminder that in the majority of cases Teams, SharePoint and Stream content should be set to Private rather than Public or visible to Everyone in my organisation.

Current guidance: Private vs. public settings in O365 – NHSmail Support
Privacy monitoring: O365 Privacy Monitoring – NHSmail Support

MFA Update
Update: the NHSmail MFA policy has now been published: NHSmail MFA Policy – NHSmail Support

Next webinar – Basic Auth demo – 5 May 2023

We will also have a demo on the next webinar around the basic auth process that will cover the use of both in-house and third-party applications that need to register with Azure Active Directory ahead of the basic auth deprecation deadline in June

Infrastructure Upgrade (Hemel) 14 April – 15 April –

Information – Planned Infrastructure Upgrade (Hemel Datacentre) – First Notice – NHSmail Support
Work will begin at 19:00 on the Friday and similar to the recent Slough upgrade, there will be 3 notices to raise awareness on the support site beginning from Tuesday 11 April.

During the change window, all traffic will be re-routed to the active data centre to ensure there is zero-impact on NHSmail users.

Please note that any remote organisations that use direct IP addresses rather than DNS to access the email gateways my potentially lose service during the upgrade activity. If you believe that your organisation is using direct IPs for any system config, we would strongly advice that these are changed to use our standard DNS settings to prevent any loss of service. The following guidance shows how this change can be made: https://support.nhs.net/knowledge-base/relay-configuration/

If changing to use DNS is not possible and significant end user impact that could potentially result in clinical risk during the change window is identified, please contact the Helpdesk for further guidance.

Whilst we expect there to be zero impact to end user, we would advise that you ensure that your service continuity plans are reviewed in advance.

High-Send Solution Issue (30 March) – INC35069133 – High Send Authentication Errors – Monitoring – NHSmail Support
This issue is fully resolved and the high-send solution is operating as normal. Full details of the incident can be found on the Announcements page.

Portal Slowness Issue (4 April) – INC35148773 – Portal Slowness – RESOLVED – NHSmail Support
Intermittent Portal slowness issue affecting the User Management section. This appears to have been a transient issue and no further impacts have been seen since.

MFA issue
Issue identified whereby a small number of platform uses have had MFA disabled as the result of a bug. An interim solution is now in place that will run every 30 minutes during the working day to reapply MFA to any users who have been affected by this.

Please note that this only impact users who fit a specific set of criteria and have also had MFA enabled via either their LA or self-enrol. Users with role-based MFA or who have had MFA enforced by the compromised account process remain unaffected.

A high priority permanent fix is under development and will be released as soon as possible.

Telephony Deep Dive – Reminder
Reminder that the Telephony Deep Dive session will take place on 17 April.

Form to register interest – https://forms.office.com/Pages/ResponsePage.aspx?id=slTDN7CF9UeyIge0jXdO48nRfTTqG_pEn5qR_xNEMv5UQlhPRFpWQ1lFWTBNMzdGUDExMlA0UTlNRSQlQCN0PWcu

Basic Authentication Deprecation
Update provided by David Middleton

SSPR demo

Overview provided by Hector from the Accenture team.

TA Update

Reminder that the legacy alluser groups will be removed later in the year. Organisations should review all uses of these groups to ensure that the new version is being used.

Platform-wide MFA
Update provided by Jess Davenport.

Technical Update:

• Basic Authentication Depreciation reminder about upcoming changes
• Phone system launch and deep dive webinar planned for 17 April 2pm-3.30pm.

Centre of Excellence:

An overview of the NHSmail Solution Store – an app that aims to encourage collaboration and share best practice

Multi-factor Authentication (MFA):

INC34945419 – Multifactor Authentication (MFA) Prompt – RESOLVED – NHSmail Support

It has been confirmed that the issue has been caused by a recent update applied to a section of Microsoft infrastructure responsible for regulating user geo-location.

MFA report – looking to fix in early April and will exclude deleted permanent accounts

Angela Goody from NHS HERTFORDSHIRE AND WEST ESSEX ICB – produced a video on XLOOKUP, this demo is for the MFA report and mailbox report and how best to utilise them both – Thank you very much for your support.

The next LA webinar will be held on Thursday 6 April and will include an overview of the new Self Service Password Service.

Technical updates:

The dates for the retirement of the EAS and RPC, EWS, POP, IMAP, and RPS protocols and the implementation of Basic Authentication have changed.

Please refer to the Basic Authentication Deprecation guide on the NHSmail support sites if you’re interested in learning more about the implications for your organisation.

Telephony update

INC34485546 – Scan to E-mail Delivery Delay – CLOSED

After mail delays and discussions with our third-party supplier, we changed the configuration of Relay to improve peak processing stability and efficiency. These modifications have eliminated mail delays. We appreciate your patience and apologise for the inconvenience.

Fast track availability reminder:

Until June 30, 2023, the NHS will be able to take advantage of the Fast Track tool for migrating personal and shared data to OneDrive for Business and SharePoint Online. Please see NHSmail FastTrack File Share Migrations | Requirements – NHSmail Support for further information regarding this service.

Centre of Excellence:

Update on Power Platform Data Lost Prevention Policy changes which can be found on NHSmail support pages Power Platform Guidance – NHSmail Support

New features and improvements for the Asset Booking Tool implementation process are on the horizon. Information on how to do this can be found on the NHSmail support sites dedicated to the Desk Booking App.

Multi-factor Authentication (MFA) update:

An up-to-date explanation of the issues affecting the MFA report and the proposed iterative approach to fixing them by combining the data from the Mailbox Report and the MFA report is now available. For more info, check out NHSmail Support Pages about – MFA Status Report

To further ensure the satisfaction of LA Webinar attendees, MFA will be added as a regular agenda topic.

Other information:

NHSmail all user survey: Please thank everyone who helped spread the word; we got almost 58,000 answers; this is fantastic!

On March 21, 2023, we will be disabling Yammer’s public Storylines to reduce spam communications.

Service Updates:

Portal Access issue – 20 February – Resolved

INC34412483 – Portal Intermittently Inaccessible – RESOLVED – NHSmail Support

Intermittent Portal access issue occurred on Monday 20 February causing an error when users attempted to log in.

MS Bookings issue – 14 February – Resolved

INC34265287 – MS Bookings Admin Functions – RESOLVED – NHSmail Support

Issue with MS Bookings preventing users from adding or amending Bookings calendars within the NHSmail Portal.

Release updates:

Dickson release delivered on Thursday 2 March – Dickson Release – Content Summary – NHSmail Support

Key items:

• PnP update – functionality returned to the platform for use by LAs.
• My Approvals performance update – 58913
• Guest Inviter view update – 47507
• MAC email notification updates – 70222 / 70928

The service will be moving to a new release cadence post-Dickson that will see smaller releases being delivered on a shorter cycle to ensure we get new features out onto the platform sooner.

Service Reminders:

Old NHSmail Power Platform default environment decommissioning

Reminder that the old NHSmail Power Platform default environment has now been decommissioned in full.

Information – Power Platform Old Default Environment Decommissioning – NHSmail Support

NHSmail access from outside the UK

Also a reminder for anyone who wasn’t able to make the last webinar, that we have recently made changes to NHSmail access from outside the UK and recommend that organisations ensure that MFA has been enabled on accounts prior to users leaving the UK if NHSmail access is going to be required.

Information – NHSmail users working outside of the United Kingdom (UK) – NHSmail Support

NHSmail annual survey reminder

Final reminder from me that the NHSmail annual survey is now live for responses and will be open until Friday 10 March.

We’d like to encourage as many people to respond as possible as the more feedback we get from yourselves, the more we can improve the service to meet your needs.

https://survey.nhs.net/nhsmail-user-survey-2023/

Other Key Updates:

• MFA Update – platform-wide enforcement announced.
• REMINDER: BYOD Technical Deep Dive session (28 February) – Bring Your Own Device Security Controls | Overview and Deep Dive Webinar – NHSmail Support

Telephony capability overview

• Delivery delay issues  

Two issues with delayed delivery of emails either to or from external domains this week

The first issue occurred on Monday and only had intermittent impacts which were very minor. The issue was resolved quickly, and the queues completely cleared by close of play on the same day. 

Further information here: INC34183362 – NHSmail Delivery Delay – RESOLVED – NHSmail Support 

• The second issue occurred on Thursday and further details can be found here: INC34243035 – Mail Delivery Delay – RESOLVED – NHSmail Support 

• Old NHSmail Power Platform default environment decommissioning
  Information – Power Platform Old Default Environment Decommissioning – NHSmail SupportUpdate regarding the old NHSmail Power Platform environment which will be decommissioned from this week.This should have minimal to no impact on organisations as the new default environment with updated data residency in the UK has been in place since September 2022. Any specific PowerApp users who will be affected have been contacted via target comms over the last few weeks with details of any actions required. 

•  NHSmail access from outside the UK
  Information – NHSmail users working outside of the United Kingdom (UK) – NHSmail SupportPlease be aware that a change was implemented on Friday evening (10 February) that will require any users attempting to access the service from outside the UK to have MFA enabled on their accounts. 

• NHSmail annual survey – will go out this week for users to respond to.  

• Chatbot walkthrough & demo – Accenture team 

• Deskbooking App walkthrough – Centre of Excellence team

• Teams Delete Status Portal issue – resolved

On Tuesday of this week, we had a recurrence of Teams showing as deleted in the NHSmail portal, which has now been resolved.

Please take into account that the problem on Tuesday was only cosmetic, and there was no loss of Teams or Teams data at any point.

Full details – INC33938944 – Teams Group Status – UNDER MONITORING – NHSmail Support

• Microsoft O365 issue – resolved

Those on this call will also be aware that there was a global Microsoft issue this week that may have impacted your users’ access to O365 services.

This incident has been fully resolved and details can be reviewed on the support site:

Microsoft 365 Alert – Service Degradation – Microsoft 365 suite – Users may be unable to access multiple Microsoft 365 services – RESOLVED – NHSmail Support

• Portal slowness issue – resolved

On Wednesday morning, we experienced a brief intermittent issue that caused Portal slowness for some users.

This was quickly resolved with little disruption to the service.

Full information can be found on the Announcements page – INC33981101 – Portal Slowness – RESOLVED – NHSmail Support

• Multi-Factor Authentication (MFA) Number Matching

We enabled number matching for all users of the Microsoft Authenticator app on Thursday evening (25 January 2023).

This is to ensure the change is managed closely, prior to the enforced change by Microsoft starting 27 February 2023.

Number matching is a key security upgrade to traditional second factor notifications in Microsoft Authenticator.

When a user responds to an MFA push notification using the Authenticator app, they will be presented with a number. They need to type that number into the app to complete the approval.

We expect this change to have no negative impacts for users and any issues should be reported to the Helpdesk.

We have also updated our current guidance to reflect the new number matching capability and the guidance can be found here:

Getting Started with MFA – NHSmail Support

• NHSmail access from outside the United Kingdom (UK)

We would also recommend that MFA is applied to the accounts of any users who may have a valid need to access their NHSmail from outside the UK as permitted by your organisation’s own local policies before they leave the country.

We do not recommend that users access their account via non-corporate VPNs when outside of the UK as there is a risk that their access will be blocked.

In the near future, we will be enforcing MFA on any connections to the service made from outside the UK. Where MFA is not in place, the user will be unable to access their account or any other NHSmail services.

More details regarding timelines for when this will be enforced will be added to the Announcement page of the support site shortly.

• Accessibility: Teams Live Captions

Please note that function to turn on/off Live Captions in Teams has moved and now sits under Language & Speech within the extended settings menu.

• NHSmail survey

The NHSmail survey is due to go out in early February.

General update:

• All user survey – the questionnaire will be released shortly
• Accessibility: Sign Language View – available now in Microsoft Teams
• Information Governance – update on number matching on the authenticator app

Technical update:

• New roadmap published: NHSmail Roadmap – NHSmail Support
• MFA, which will shortly be implemented, is necessary for access from outside the UK.Planning to change the default behaviour for new accounts to require MFA by default, and you will need to delete it if doing so puts your organisation at clinical risk
• The projects for conditional access and the phone system have begun and are scheduled to be completed in the first quarter of 2023. Thank you to everyone who responded to the deep dive survey, and please feel free to join the deep dive sessions as soon as they are announced.
• Legacy Security group housekeeping – allusers moving to allusersgroup.
• MMA – Microsoft management agent – deprecation in MDE
• Azure will no longer accept connections from older versions of the Windows Log Analytics agent, also known as MMA that uses an older method for certificate handling. The affected versions are Windows 7 SP1, Windows 8.1, Windows Server 2008 R2 and Windows Server 2012 R2/2016. The new minimum supported MMA version is 10.20.18053.0 Expected: February 2023
• Office 2013 will reach end of Extended Support on April 11, 2023. MC482560 | December 10 – This is a reminder to post (MC357842, April 2022): Office 2013 end of support: Reduce your exposure to security risks by moving to a newer version of Office. Office 2013 will reach the end of Extended Support on April 11, 2023. This means Office 2013 will no longer receive security updates, bug fixes, technical support, or online technical content support after April 11, 2023.
• Additional guidance in CVE-2022-41099 for devices with WinRE. Devices with Windows Recovery Environment (WinRE) will need to update both Windows and WinRE to address security vulnerabilities in CVE-2022-41099. Installing the update normally into Windows will not address this security issue in WinRE. For guidance on how to address this issue in WinRE, please see CVE-2022-41099.