
Using NHSmail on shared computers or unmanaged devices

When using a shared computer or unmanaged device it is important to ensure data from one user does not become available to anyone else.

Typically, applications cache data locally and work on the assumption that the device will protect that data at rest.

Managed devices have protections enabled such as device encryption at rest, are only accessible to someone with user-level permissions, and require a per-user username and password to access.

On a shared computer or unmanaged device, organisations should ensure they have policies covering the following minimum operating system security capabilities, as it is not currently possible to enforce these technically through Office 365 controls:

  1. Ensure that the operating system is configured to install automatic updates from the Operating System provider (for Microsoft systems, this can be accomplished via Windows Update).
  2. Ensure that the device is encrypted (for Microsoft systems, ensure BitLocker is enabled), and the key or account used to access the device is secured.
  3. Ensure that the device has anti-virus capabilities enabled (for Microsoft systems, Windows Defender is built into the operating system).
  4. Use separate user accounts for each user of the device.
  5. Do not grant, or use, administrator privileges for non-administrative functions (such as browsing the web, running Teams, etc).
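
One way to check the five items above on a Windows device, as an added example that is not part of the original guidance. It assumes an elevated Windows PowerShell session with the built-in BitLocker, Defender and LocalAccounts modules available; items 4 and 5 are listed for manual review rather than scored.

```powershell
# Added example: read-only audit of the five baseline items on one Windows device.
# Assumption: run elevated by an administrator (Get-BitLockerVolume requires it).
$results = [ordered]@{}

# 1. Automatic updates: the Windows Update service must not be disabled and
#    the NoAutoUpdate policy value must not be set to 1.
$wu     = Get-Service -Name wuauserv
$auKey  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU'
$noAuto = (Get-ItemProperty -Path $auKey -Name NoAutoUpdate -ErrorAction SilentlyContinue).NoAutoUpdate
$results['1. Automatic updates'] = ($wu.StartType -ne 'Disabled') -and ($noAuto -ne 1)

# 2. Encryption: the operating system volume is fully encrypted and protection is on.
$os = Get-BitLockerVolume -MountPoint $env:SystemDrive
$results['2. BitLocker on OS volume'] = ($os.ProtectionStatus -eq 'On') -and
                                        ($os.VolumeStatus -eq 'FullyEncrypted')

# 3. Anti-virus: Windows Defender is enabled with real-time protection.
#    A device using a different anti-virus product will show REVIEW here.
$mp = Get-MpComputerStatus
$results['3. Defender anti-virus'] = $mp.AntivirusEnabled -and $mp.RealTimeProtectionEnabled

# Print a PASS / REVIEW line for each scored item.
foreach ($item in $results.GetEnumerator()) {
    $state = if ($item.Value) { 'PASS' } else { 'REVIEW' }
    '{0,-28} {1}' -f $item.Key, $state
}

# 4. Separate accounts: list enabled local accounts so a single shared
#    login can be spotted. Domain or Azure AD users do not appear here.
'4. Enabled local accounts:'
Get-LocalUser | Where-Object Enabled | ForEach-Object { "     $($_.Name)" }

# 5. Administrator privileges: list members of the built-in Administrators
#    group (well-known SID S-1-5-32-544) to confirm that day-to-day user
#    accounts are not among them.
'5. Members of local Administrators:'
Get-LocalGroupMember -SID 'S-1-5-32-544' |
    ForEach-Object { "     $($_.Name) ($($_.ObjectClass))" }
```

A REVIEW result means the setting needs a manual look on that device; it does not by itself mean the device fails local policy.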

If any of the above cannot be implemented, utilise browser security capabilities instead:

Use private browsing sessions to minimise data that persists to disk. For example, use InPrivate browsing in Microsoft Edge, Incognito browsing in Google Chrome, or the equivalent private browsing capability in your specific browser.

Changing the system behaviour to engage private browsing by default is recommended.

Use Outlook on the web and the Teams web app (sometimes called the web client), not an email programme like Outlook, a built-in email client or the downloadable Teams client.

When finished using the shared system, you must:

    1. Sign out of Teams and Office 365.
    2. Close all browser tabs and windows.
    3. Sign out of the device.

The items above are not a comprehensive list of best practices or security controls covering all cases, and there may be extra actions that can be taken in your environment.

For additional information on Windows devices:

    Bitlocker in Configuration Manager
    Bitlocker for Windows 10 in Intune
    Endpoint security in Intune
    Enable Microsoft Defender Antivirus in your Windows Security and run scans
    Microsoft Defender security centre article
    Teams web client/teams web app
    Security and Microsoft Teams

Updated on 16/09/2020
