Historically several mailboxes have been set up as normal user accounts rather than as true shared mailboxes. With the enforcement of MFA (Multi factor Authentication) across the platform these need to be converted to true shared mailboxes so they do not require MFA moving forward as they will be accessed through delegation.
The article below shows how this can be done via the portal.
Setting shared mailbox permissions – NHSmail Support
Conversion Request Process
The NHSmail service team will initially start by reaching out to requestors who have submitted accounts to the Long-Term Exception process detailed here Multi-Factor Authentication Short and Long Term Exceptions Admin Guide – NHSmail Support .
This will be on a first come first served basis. The requestor will be contacted with a list of the accounts they have submitted with the “Shared User Account” rationale and be asked to confirm if these accounts require conversion – with consideration of the important note above. No accounts will be taken forward for conversion until a response to this list is received by the service team.
Once the list of accounts to target for conversion is received, the service team will respond with when that batch of accounts will be converted – this is an overnight process starting out of hours (after 7pm). We cannot accommodate scheduling asks due to the number of mailboxes requiring conversion – mailboxes will be targeted for the first available slot after the requestor confirms the list for conversion.
Mailboxes can continue to be used during the process, but it is recommended to not use the mailbox if possible.
Once the backlog of requests in the Long-Term Exceptions queue has been completed, a form for requesting conversion will be made available for Local Administrators to submit their mailboxes for conversion – this guidance will be updated with a link to that form once available.
Conversion Process
Mailbox Archive
One of the substantial changes as part of the process is that the archive for any account due for conversion needs to be removed as this is a licensed feature of user mailboxes. The process will move any data in the archive back into the main mailbox utilising the same structure present in the archive.
Calendar items in the archive will not be restored as these trigger the reminders for those old meetings of the mailbox and so these are to be skipped from the process.
Once all data has been moved back into the main mailbox, the archive will be removed from the mailbox.
For mailboxes where the main mailbox and archive data is above the 50GB limit for a shared mailbox the requestor will be notified, and the mailbox will not be converted at this time. A solution for this instance will be communicated to those requestors in future.
Rename
All shared mailboxes on the platform conform to the naming convention of having the organisation shortname (Refer to: Viewing and editing organisation attributes – NHSmail Support) followed by the mailbox name i.e. a-ne.sharedmailbox@nhs.net where a-ne is the organisation shortname.
All mailboxes submitted to the process will undergo this change to align with the naming convention but will continue to have the existing address as a secondary alias on their account – meaning mail addressed to the old alias will continue to be delivered. It should also be noted that the new address with the shortname will be what is seen in recipient’s mailbox, and this cannot be changed.
If an organisation has named a user mailbox using the existing convention for shared mailboxes, we will not add the shortname again i.e. a-ne.sharedmailbox@nhs.net would not become a-ne.a-ne.sharedmailbox@nhs.net.
In instances where a mailbox already exists with the address intended the mailbox to be converted will be prepended with a numeral starting at 1. So, if sharedmailbox@nhs.net was to be converted but the organisation already has a-ne.sharedmailbox@nhs.net the converted mailbox will become a-ne.sharedmailbox1@nhs.net.
Conversion
The mailbox will then be converted from a user mailbox to a shared mailbox.
This involves changing the mailbox type to shared rather than a user mailbox. The license currently assigned to the mailbox will also be removed as it is no longer required. The account will then also be disabled – which just means that it cannot be logged into directly using the username and password. All access will need to be through delegation.
Completion Communication
Following the completion of a batch of mailboxes the requestor will be contacted by the service team to confirm the successful completion of the batch and to ensure that the requestor is kept abreast of progress.
Any failures will be noted with information on next steps available within the communication.
Considerations
If a mailbox has data that needs to be retained before conversion, like files stored in OneDrive, LAs are encouraged to export this data beforehand because after conversion, services like OneDrive will not be accessible.
Similarly, accounts with saturated mailboxes and Online Archives should be carefully reviewed before being submitted for conversion, because shared mailboxes do not have an Online Archive and cannot be enlarged above 50GB.
Last Reviewed Date | 24/07/2024 |