The Refreshed NHSmail service will provide all NHSmail users in England with a nationally allocated O365 licence. Please visit the O365 Feature Introduction to see what applications and services are included as part of this provision.
Local Administrators (LAs) will now be able to manage these O365 services via the NHSmail Portal, through user policies and application toggles. This ‘Getting Started’ article will introduce all the basic functions of O365 management via the NHSmail Portal so you can begin to provision services for your users.
A full range of guidance materials can be found via the Local Administrator O365 Portal Guide.
Introduction to User Policy Management
User policies enable LAs to manage O365 application access and settings for their users through the NHSmail Portal. Step-by-step guidance on how to log in, create, edit and amend policies can be found in the How to manage user policies section of this article.
As part of the NHSmail Refresh, one National User Policy has been created for every Organisation Data Service (ODS) code on the NHSmail platform. This National User Policy represents the default O365 configuration available under the national N365 E3 Restricted licence provision and will be the default policy all users are added to through the NHSmail Refresh programme. The National User Policy will show as – ODS National Policy in the NHSmail Portal.
LAs can also create additional policies for their organisation alongside the national policy and move users between them at their discretion (for their respective organisations). The default user policy will be configured as per the application settings outlined in the table below. It cannot be changed; however, LAs can create new user policies to provide access to applications that are turned off by default.
Once users are migrated into Exchange Online they will automatically be added into the National User/default Policy for their organisation. Please note some features are only available once a mailbox has been migrated to Exchange Online (Office 365).
Application Name | National User Policy Setting |
Microsoft To Do | On |
Microsoft Stream | On |
Microsoft Shift / Staff Hub | On |
Microsoft PowerAutomate (Flow) | On |
Microsoft PowerApps | On |
Microsoft Teams | On |
Microsoft Planner | On |
Microsoft OneDrive for Business and Office Online | On |
Microsoft SharePoint Online | On |
Microsoft Exchange Online | On |
Microsoft Search | On |
Microsoft Whiteboard | Off |
Microsoft Forms | Off |
Microsoft Sway | Off |
Microsoft Yammer | Off |
User Policy Management for your organisation
An organisation can have multiple user policies, alongside the standard National User Policy, with different settings applied to each policy. This allows organisations to create different user policies based on a variety of user needs.
For example, a Local Administrator can create a policy for users who need access to Microsoft Teams, OneDrive and SharePoint only, and a different policy for users who only need access to Microsoft Shifts. It is also possible to create a policy to require users to have multi-factor authentication enabled on their account.
Any additional policies will utilise the nationally provisioned O365 allocation for that organisation and its associated users. Organisations that have procured top-up licences can use those as well as, or instead of, the national allocation to enable any additional capabilities.
Procuring add-on or top-up licences
Organisations can continue to procure add-on or top-up licences and onboard them to the NHSmail tenant, should they wish to access additional features or higher O365 licence types. Please visit the onboarding guide for detailed step-by-step instructions on how to do so.
Add-on or top-up licences procured and onboarded by an organisation can be managed the same way as standard user policies in the NHSmail Portal. These licences will appear automatically in the User Policy Management page once onboarded.
How to Manage User Policies
The following quick start guides aim to provide instruction on how to perform key tasks in user policy management:
- Creating a User Policy
- Editing/Updating a User Policy
Create a new User Policy
1. Log in to the NHSmail Portal using your nhs.net credentials (the Admin toolbar will only show for LAs)
2. Navigate to Admin > User Policy Management
3. In the User Policy List page, click on Add > Create User Policy
4. Select the organisation you want to create the policy for, name the new policy and add a description to it if required
Note: only the organisations you are a LA for will appear in the drop-down menu
5. Select a base licence from the drop-down menu and an add on Licence if required.
Note: The base licence will be what is provisioned to your organisation through the nationally allocated N365 Office 365 licence pool. If your organisation has also procured other licences and onboarded them to the NHSmail central tenant (instructions above), e.g. E3 or E5, these will also appear in the drop-down box. Examples of add-on licence types include functionality like Dial-In Conferencing, Visio or Project. Again, these will only appear if directly procured by an organisation and onboarded.
6. You can then toggle on or off any applications as required for the new policy you are creating. Please refer to the O365 Feature Guidance article for more information on what each of the O365 applications does.
Note: Visit this guide to find out about managing mailbox size quotas.
7. You can add members to the policy by selecting the Add button and searching for the user
Note: The Import button can be utilised to add users in bulk if required
8. Once selected, click Update and a green success pop up will appear at the top right corner of the screen to confirm the user has been added.
Handy Tips:
- User policy names are automatically prefixed with the (ODS) code of the organisation the user policy belongs to
- Duplicate names: A single organisation cannot have 2 user policies with the same name. However, 2 or more different organisations can use the same name for their policies
- The name must not be more than 35 characters and may contain letters, numbers and spaces. Special characters are not allowed
- The description must not be more than 250 characters and may contain letters, numbers and any special characters
- LAs can add a maximum of 5,000 mailboxes at a time to a policy through the bulk update process. If the policy is larger than 5,000, the bulk import process can be repeated
- The Teams Call Recording toggle will be enabled by default on all newly created User Policies. It can be turned off in the Applications Settings box
- If an LA disables all the User Policy application toggles, but applies the Apps for Enterprise add-on – the users within the policy will still have access to all the applications provided through Apps for Enterprise, including OneDrive
- Microsoft provide a grace period for SharePoint/OneDrive access. If LAs disable the toggle for these applications in a user policy, there will be a period where users can continue to access the applications. LAs can delete a user’s OneDrive content where appropriate and SharePoint Site Owners can actively remove access from Site Collections if needed
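The following added example (not part of the NHSmail guidance or the Portal) compares a local policy against the National User Policy table above and raises the two access caveats from the Handy Tips. The dict shape and the sample policies are hypothetical and constructed; the values are assumed to be noted down by hand from the User Policy Management page.

```python
# National User Policy settings, transcribed from the table on this page.
NATIONAL_DEFAULT = {
    "Microsoft To Do": True, "Microsoft Stream": True,
    "Microsoft Shift / Staff Hub": True, "Microsoft PowerAutomate (Flow)": True,
    "Microsoft PowerApps": True, "Microsoft Teams": True,
    "Microsoft Planner": True,
    "Microsoft OneDrive for Business and Office Online": True,
    "Microsoft SharePoint Online": True, "Microsoft Exchange Online": True,
    "Microsoft Search": True, "Microsoft Whiteboard": False,
    "Microsoft Forms": False, "Microsoft Sway": False, "Microsoft Yammer": False,
}
GRACE_APPS = ("Microsoft OneDrive for Business and Office Online",
              "Microsoft SharePoint Online")

def review_policy(policy):
    """Return review findings for one local policy.

    `policy` is a hypothetical dict noted down by hand from the portal:
    {"name": str, "add_ons": [str], "toggles": {application: bool}}.
    A toggle missing from the dict is assumed to match the national setting.
    """
    toggles = {app: policy["toggles"].get(app, default)
               for app, default in NATIONAL_DEFAULT.items()}
    findings = []
    for app, default in NATIONAL_DEFAULT.items():
        if toggles[app] and not default:
            findings.append(f"{app}: on here, off in the National User Policy")
        elif default and not toggles[app]:
            findings.append(f"{app}: off here, on in the National User Policy")
    for app in GRACE_APPS:
        if not toggles[app]:
            findings.append(f"{app}: grace period, access continues for a time")
    if "Apps for Enterprise" in policy.get("add_ons", []) and not any(toggles.values()):
        findings.append("Apps for Enterprise add-on: its applications, "
                        "including OneDrive, remain available with all toggles off")
    return findings

# Constructed sample policies, not real NHSmail data.
SAMPLE = {"name": "Clinical Forms", "add_ons": [],
          "toggles": {"Microsoft Forms": True, "Microsoft SharePoint Online": False}}
ALL_OFF = {"name": "Shifts Pilot", "add_ons": ["Apps for Enterprise"],
           "toggles": {app: False for app in NATIONAL_DEFAULT}}

if __name__ == "__main__":
    for p in (SAMPLE, ALL_OFF):
        print(p["name"], *review_policy(p), sep="\n  ")
```

An empty findings list means the policy matches the national configuration; anything listed is a prompt to confirm the deviation is intended for that group of users.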
Editing or updating a policy
- Navigate to User policy management following the steps above (Admin > User Policy Management)
- Search for the name of the policy that you would like to edit
- Edit the policy by updating the appropriate fields – i.e. name, description or base licence
- You can edit membership of the policy by selecting the Add button and searching for new users. If you want to add more users in bulk, click Import and fill in the Excel sheet with the users you want to add. Import that Excel sheet by selecting Upload.
- Click Update and a green success pop up will appear at the top right corner of the screen
Additional User Policy Information
There are some additional user policy features to be aware of; these are detailed below:
1. Default Policies: Organisations can update their default policy via a service request to the NHSmail helpdesk, and from December 2020 newly created accounts will be automatically added to this default policy.
Please note, all users migrated to Exchange Online as part of the NHSmail Refresh will automatically be put into their organisation’s National User Policy, and Local Administrators can move users between this policy and the local default policy as required (this does not include pre-existing user policies set-up by Hybrid Organisations – users within these policies will not be affected by the migration process).
To check what your default policy is, go to Admin, Organisations, Manage Organisations. Choose your organisation and select Policies. Your default policy will be shown as per the image below
2. Joiners, Movers and Leavers:
- Joiners: Will automatically be added to your organisation’s National User Policy (or Default policy if it has been changed). This will happen at the point of migration to Exchange Online through the NHSmail Refresh.
- Movers: All users must be part of a user policy. There are two mechanisms to transfer users between user policies:
i. Via the User Policy Management: adding a user to a new policy will automatically remove them from their old one
ii. Via the User Management Page: Search for an individual user, select edit user policy property and hit transfer. This will take you to the page shown below where you can select a new user policy
- Leavers: When marking a user as a leaver there are a few additional considerations to make – such as whether the user needs to retain their OneDrive content. Please see further guidance on how to mark an NHSmail Office 365 user as a leaver.
3. Teams Recording: Will be enabled as default on all newly created user policies, in line with current settings on the platform. This can be manually disabled by Local Admins if required. Please see further guidance on Teams Call Recording, including instructions on how to setup, access and manage call recordings.
4. Policy Status: Users can only be assigned to one policy. To check a specific user’s policy: navigate to Admin, User Management, search for the user in question, you will see the user policy detail within the directory properties. This will show what policy the user is part of (if any).
Creating Microsoft Teams & SharePoint Collections
LAs can also create new Teams and SharePoint Collections through the NHSmail Portal. Specific guidance on how to perform these actions can be found via the links below: