This site uses cookies to improve your user experience. By using this site you agree to these cookies being set. To find out more, please read our privacy policy.

Frequently Asked Questions (FAQs)

What is Multi-Factor Authentication (MFA)? 

MFA protects you by asking you to prove (authenticate) who you are by providing a second form of identification (ID), in addition to your username and password.

To provide this second form of ID, it is recommended that you use the Microsoft Authenticator app on your work or personal mobile device to generate a unique code that can be used to verify your identity. This will help prevent anyone but you from accessing your NHS.net account - even if they know your password.

Why do I need MFA on my NHSmail account?

Cyber-attacks on electronic health records and other systems pose a risk to patient privacy because hackers could access sensitive information, potentially causing harm to patient safety and care delivery. Hackers could also use ransomware viruses to hold medical records or devices hostage, risking your access to vital tools and information.

Why is NHSmail recommending the use of the Microsoft Authenticator app?

The Microsoft Authenticator app (shown below) is one of the most popular and reliable authentication apps.

You might already have it on your personal phone for online services like banking, shopping, and social media.

This is the reason NHSmail is recommending the use of Microsoft Authenticator to help limit the number of apps you need to navigate as part of your daily routine.

Microsoft Authenticator app

Where can I get the Microsoft Authenticator app?

If you don’t already have Microsoft Authenticator, you can install the app for free from the App Store or Google Play store.

How much data does the Microsoft Authenticator app use?

The app uses only a small amount of mobile data. 

If your device is connected to Wi-Fi, no mobile data will be used to install and use the app. Please consider connecting to NHS Wi-Fi whilst on site.

Do I have to pay for the Microsoft Authenticator app? 

No. The Microsoft Authenticator app is free of charge. You can install the app for free from the App Store or Google Play store.

How do I set up MFA on my NHS.net email account? 

Please set up MFA on your NHS.net email account before 30 June 2024 to enhance your security and avoid any disruption to your email access once MFA is activated on your account. To set up MFA on you NHS.net email account you will need access to a work or personal mobile device. 

Is MFA required?

From 30 June 2024, you will need to use MFA in order to access your NHS.net email account. If you are only using the NHS.net service as a secure method of sending emails, please be aware that your organisation's email account may already be accredited to the same security standard (DCB1596) as the NHSmail (NHS.net) service. 

For more information, please refer to the list of accredited organisations that are compliant with the secure email standard. If you have any queries please contact your IT Service Desk or Information Governance (IG) Team.  

When will I be prompted for MFA?

In most cases, you will be asked to verify your identity using MFA each time you login to your NHS.net email account from a different device or Internet browser.

What happens if I enrol for MFA and don't have access to a mobile device?

To continue using your NHS.net email account you must set up MFA. This will require access to a mobile device - either a work or personal device is ok to use. If you have enrolled for MFA on your NHS.net account and don't have access to a mobile device, please contact your IT Service Desk for support. 

Should I set up MFA on a shared mailbox that others sign in to?

If you access a shared mailbox, which other people also sign in to, please do not set up MFA on this account.

Is NHS.net the only method for sending emails securely?

If you are only using the NHS.net service as a secure method of sending emails, please be aware that your organisation's email account may already be accredited to the same security standard (DCB1596) as the NHSmail (NHS.net) service. 

For more information, please refer to the list of accredited organisations that are compliant with the secure email standard.  If you have any queries, please contact your IT Service Desk or Information Governance (IG) Team.  

My account is locked out. What should I do?

The most common reason why your NHS.net account is locked is that you have entered an incorrect password or the MFA has failed. In this case, please contact your IT Service Desk 

What should I do if I get a MFA notification on my device when I didn't sign in?

If you get a notification from the Microsoft Authenticator app that you did not request, that means someone else is trying to log in using your account and your account may have been compromised. Tap the Deny button in your Microsoft Authenticator app or take no action if a code is pushed to your device and contact your IT Service Desk immediately.