MFA Adoption Toolkit


Multi-Factor Authentication (MFA) is being rolled out to provide an additional layer of security to protect NHSmail users' information. MFA is an effective way of protecting against compromised accounts and decreases the likelihood of a successful cyber attack. According to Microsoft, MFA can block over 99.9% of account compromise attacks. Enabling MFA for all NHSmail users will also…

    • Enhance the security posture of the NHSmail platform
    • Satisfy security recommendations and best practice
    • Meet the UK public’s data protection expectations
    • Support the rollout of Conditional Access and security features

This article provides all the information and resources Local Administrators need to perform the required readiness and rollout activities for the adoption of MFA. The communications and engagement materials provided below can be tailored to fit local organisations and have been developed following engagement with NHSmail users across different roles, organisations and settings within the NHS.


Readiness Checklist

✓ Ensure users are not enabled for legacy authentication protocols

✓ Segment user base using available guidance to plan phased rollout to staff at your organisation:

    • Local Admins & NAS
    • Desk-Based Roles
    • Patient-Facing & Technical Roles
    • Specific Use Cases

✓ Set up bulk enablement for users

    • Please refer to the MFA Admin Guide for additional guidance on bulk enablement

✓ If you are considering using a FIDO2 token in addition to another MFA option (Microsoft Authenticator app, text message or phone call), please conduct additional testing using your preferred FIDO2 security token(s) to ensure compatibility with devices. For more information, please see the FIDO2 Admin Guide.

✓ If you are considering using an NHS Smartcard, you should also enable MFA using mobile app, text message or phone call for security purposes. For information on how to confirm if your account is active and deployed in your PC/Laptop, please see the NHSmail & NHS Care Identity (Smartcard) | User Frequently Asked Questions (FAQs) – NHSmail Support guide.

✓ Download and tailor communications and engagement materials to fit the local organisation contexts and specific needs:

✓ Map available comms channels and create agenda for distribution to target users

✓ Identify and engage with sponsors and facilitators:

    • Senior buy-in and leadership sponsor – to drive the rollout and stress the importance at an organisation level
    • Change champions – to support end users in enrolling for and using MFA (e.g. Digital Heroes, MFA champions, transformation teams)

Rollout Checklist

✓ Implement a phased rollout, initially targeting users in desk-based roles with low barriers to MFA

✓ For each rollout phase, provide ongoing support and collate lessons learned to define mitigation actions

✓ Conduct internal organisation kick off to engage all users and distribute comms and engagement materials

✓ Leverage existing channels, forums and networks to clearly communicate timelines, key dates and actions for staff

✓ Continuously engage key stakeholders responsible for delivering the comms to ensure clarity on roles and responsibilities

✓ Ensure prioritisation of MFA rollout in local organisations’ agendas

✓ Conduct drop-in sessions to support users with registering for and using MFA. Record any virtual drop-in sessions or webinars so that staff can revisit them at a more convenient time

Last Reviewed Date 21/03/2024
Updated on 22/03/2024
