Overview
A Multi-Factor Authentication (MFA) exceptions process has been implemented as part of the April 2024 Portal Hendy release. Users can now request an exception through the NHSmail Helpdesk if they require one and are unable to use the traditional MFA methods.
This article is intended to provide guidance to PODS users on what short-term and long-term MFA exceptions are, and details on the valid reasons for requesting an exception.
Users cannot make a self-service request for an MFA exception and would need to contact the NHSmail Helpdesk if an exception is required.
MFA Exceptions Categories
MFA exceptions fall into two categories:
- Short Term exceptions – This process is to provide a 24-hour MFA exception for a user.
- Long Term exceptions – This process is to request a 180-day exception for MFA prompts on the Portal and O365 apps.
Once the short term (24 hours) or long term (6 months) exception period has expired, users will experience MFA prompts again.
MFA Exceptions will allow users to login into NHSmail services without MFA prompts. However, the user account must still have an Azure Authentication Method registered initially. NHS England recommends users to set up Microsoft Authenticator app as an authentication method: https://support.nhs.net/knowledge-base/getting-ready-to-use-self-service-password-reset-and-unlock/#set-up-microsoft-authenticator-app-as-your-authentication-method
MFA Short Term Exception Validity
To request a 24-hour MFA exception for your user account, please contact the NHSmail Helpdesk by telephone on 0333 200 1133 if any of the valid reasonings in the table below apply:
| Business Justification | Additional Actions |
| Mobile phone stolen or lost | Contact NHSmail Helpdesk if your phone is stolen and when you have it replaced as you will have to re-enrol for MFA again |
| Mobile phone misplaced | Contact NHSmail Helpdesk when you find or replace your phone as you will have to re-enrol for MFA |
| Temporarily attending a location without mobile signal and/or internet connection | N/A |
| Issues receiving Microsoft Azure MFA notification | User will need to contact NHSmail Helpdesk if the issue continues as they may need to re-enrol for MFA |
| Other (under NHSmail Helpdesk discretion) |
|
MFA Long Term Exception Validity
To request a 6-month (180 day) MFA exception for your user account, please contact the NHSmail Helpdesk from your sites shared mailbox if you or a colleague you are raising an exception on behalf of, believe you have exceptional circumstances that warrant this. This could be due to certain accessibility issues, disproportionate clinical risks arising, or persistent work in a secure location.
Detailed supporting evidence specific to your situation must be provided when requesting an MFA Long Term Exception. Failure to do so will result in requests being rejected.
| Last Reviewed Date | 25/07/2024 |
