Registering generic NHSmail mailboxes for MFA
What is a generic NHSmail mailbox?
A Generic mailbox is an email account that multiple people can use. Instead of being linked to just one person, it’s used by a group, such as a team, department or GP practice, to manage emails collectively. An example of a generic mailbox is gp.n8000@nhs.net.
Why is MFA being introduced for generic NHSmail mailboxes?
MFA is being implemented for generic mailboxes to enhance security and ensure that only authorised users can access them. This helps protect patient data and comply with NHS security standards.
Can generic NHSmail mailboxes be set up for MFA?
Yes, generic NHSmail mailboxes can be configured for MFA. NHS England has mandated that all NHSmail mailboxes must be registered for MFA. However, it is essential to have a designated responsible user who will manage the MFA process for the generic mailbox.
Can I register for MFA using my NHS Smartcard?
NHS Smartcards are classed as a secondary type of authentication method and require a primary method to be enrolled first.
The primary methods are:
- (PREFERED) Authentication App: Download the Microsoft Authenticator app to your smartphone to verify your sign in or to get a verification code.
- Text message: A text message (SMS) is sent to the mobile phone number registered containing a verification code.
- Call: An automated voice call is made to the mobile phone number registered prompting the user to press # on their keypad.
Once the primary method has been enroled, the Smartcard can then be setup.
Who should manage the MFA for a generic mailbox?
A designated responsible user, such as a team lead or a senior member of the department, should manage MFA for the generic mailbox. This user will receive the MFA codes and handle the setup and any future re-verifications.
Please note: Generic mailboxes will be added to an exception list to avoid being prompted for MFA when accessing the mailbox.
How is MFA set up for a generic NHSmail mailbox?
The process involves the following steps:
- Identify a responsible user for the generic mailbox.
- The responsible user should log in to the NHSmail Portal and register for MFA using a mobile device or an app like Microsoft Authenticator.
Your IT Service Desk can assist with the registration process if needed.
What if the responsible user is unavailable when MFA is required?
It is advisable to have a backup responsible user or a contingency plan in place. The backup user can be added as an additional authentication contact. Your IT Service Desk can help manage this process.
Please note: Generic mailboxes will be added to an exception list to avoid being prompted for MFA when accessing the mailbox.
Can multiple users receive the MFA codes for a generic mailbox?
While it is technically possible to have multiple users registered for MFA, it is recommended to have a single responsible user to avoid confusion. Alternatively, users can use a shared device, like a departmental mobile phone, to receive codes.
Please note: Generic mailboxes will be added to an exception list to avoid being prompted for MFA when accessing the mailbox.
How often will the owner of the generic mailbox be prompted for MFA?
Generic mailboxes will be added to an exception list to avoid being prompted for MFA when accessing the mailbox.
How do we change the responsible user for a generic mailbox?
To change the responsible user:
- Contact your IT Service Desk to update the responsible user details.
- The new responsible user will need to re-register for MFA.
What happens if the responsible user leaves the organisation?
If the responsible user leaves, it is crucial to immediately contact your IT Service Desk to update the MFA settings and assign a new responsible user to prevent any access issues.
How do we get help if there are issues with MFA for a generic mailbox?
If you encounter any issues or have questions, contact your IT Service Desk for assistance. They can help troubleshoot problems and guide you through the MFA process.