The first time you log into your NHSmail account at portal.nhs.net, as a new user you will need to complete four tasks before you are able to start using your account to send and receive emails; accept the Acceptable Use Policy (AUP), register for Multi-Factor Authentication (MFA), update your profile, and set your user account secret. Firstly, every user of the NHSmail service is required to sign up to the AUP. This policy defines your responsibility to make sure you use the NHSmail service properly and without doing anything to compromise the security of the information that you send or receive. It is a promise to all NHSmail users, the public and patients that you are continually mindful of the information that you are sharing over NHSmail.
Acceptable use policy only appears when you follow welcome email or log into the NHSmail portal for first time via the Login button in the top-right of main NHSmail page. As of 5 October 2023, new user mailboxes will be created with MFA enabled. This setting will be applied to all user mailboxes excluding Pharmacy, Optometry, Dentistry and Social Care users managed by the National Administration Service. For further guidance on how to get started with MFA, please visit the support site article Getting Started with MFA.
To log in for NHSmail for the first time as a new user:
1. Log into your NHSmail account using your temporary password via the Login button in the top-right of the front page. Your local administrator will provide you with your temporary password following a method approved by local policy guidelines.
You will then be prompted to change your password 2. Enter your old password and new password twice in the appropriate text boxes and click Submit
Do not use the ‘£’ character in passwords as it is not supported in certain application layer protocols.
Once the password has been accepted, you will be prompted to log in with this new password 3. Enter your new password and click Sign in
4. Read the Acceptable Use Policy and agree to the terms by clicking Accept at the bottom of the page.
You will then be prompted to update your profile details and set your user account secret.
5. Once you have completed the steps of updating your profile details and setting up your user account secret, the next time you login to your account you will be prompted to enrol for MFA.
Please enrol your account for MFA by following the guidance in the Getting Started with MFA article. If you do not enrol for MFA, you will continue to be prompted with this screen every time you login to the NHSmail platform.
Once you have accepted the AUP, please wait up to 2 hours for account synchronisation activities to complete – you will be unable to send emails from your NHSmail account during this period. Please do not contact the helpdesk unless you continue to experience issues after the 2 hour window has elapsed. Please visit the O365:Platform sync timings support page for further information
For your password to be valid it must meet the following criteria:
- Minimum length – 10 characters without requiring a mix of character types
- Should not contain the ‘£’ character
- Not matching previous 4 passwords
- Not detected as a common password, for example Password123, Winter2018
- Not detected as a breached password (a password used for an account that has previously been compromised). Breached passwords will be sourced from an internet-based breach database.
Your new password can be used for up to 365 days. If you receive an error when attempting to change your password, check that it meets the requirements listed above and try again.
| Last Reviewed Date | 19/04/2024 |
