NHSmail Enabling collaboration for health and social care



Welcome to the NHSmail communications page. You can access all of our latest communications to Local Administrators (LAs) and end users from here. Use the drop-down fields to display the communications that are relevant to you.


LA Communications

  • LA Webinar – 26 September 2018

    Slides from the September LA webinar, which provide updates on the NHSmail Service, account management lifecycle switch-on, Multi-Factor Authentication (MFA), Single Sign On (SSO), anti-spoofing, impersonation accounts, NHSmail Office 365 Hybrid Service, all-user satisfaction survey. Please also see the recording of the webinar and the Q&A log.

  • LA Webinar – 3 July 2018

    Slides from the July LA webinar, which provide updates on NHSmail service performance, platform clean-up of inactive accounts, Portal development, repeated account lockout guidance, Skype for Business – unavailability, anonymous access to NHS Directory, NHSmail Single Sign-On, anti-spoofing, NHSmail news and calendar federation. Please also see the recording of the webinar and the Q&A log.

  • LA Webinar on GDPR – 17 May 2018

    Slides from the GDPR LA webinar held on 17 May 2018 are published in the ‘GDPR’ section of the Portal (found under Help>Policy and Guidance>GDPR>GDPR guidance for the NHSmail Live Service - England), together with the recording of the webinar.

  • LA Webinar - 28 March 2018

    Slides from the March LA webinar, which provide updates on service status, account management lifecycle, application accounts, business continuity and disaster recovery testing, anti-spoofing, Skype for Business file sharing and recording and an update on the growth area. Please also see the recording of the webinarand the Q&A log.

  • LA Bulletin - 27 November 2018

    Latest information on the NHSmail Service including anti-spoofing, account management lifecycle, NHS Directory contact clean-up, Portal release details, address book federation, NHSmail Office 365 Hybrid Service, Outlook add-in tool to report phishing emails, targeting users with bulk emails from an external source, NHSmail registration for GP Locums and general service information and reminders.

  • LA Bulletin - 9 October 2018

    Latest information on the NHSmail Service including user satisfaction survey 2018, Portal release, account management lifecycle switch on, Multi-Factor Authentication (MFA), Single Sign-On (SSO), anti-spoofing, impersonation accounts, NHSmail Office 365 Hybrid Service and general service information and reminders.

  • LA Bulletin - 10 September 2018

    Latest information on the NHSmail service including Portal release details, account lockout guidance, NHSmail Office 365 Hybrid solution, local IT helpdesk fields in Portal, transferring large quantities of Patient Identifiable Data (PID), Multi-Factor Authentication (MFA) and general service information and reminders.

  • LA Bulletin - 14 August 2018

    Latest information on NHSmail service including the automation of the account management lifecycle, NHS Directory contact clean-up and the process for escalations.

  • LA Bulletin - 12 July 2018

    Latest information on NHSmail service including anti-spoofing, Portal update, Outlook add-in tool to report phishing emails, Skype for Business – unavailability, repeated account lockout guidance, anonymous access to NHS Directory, O365 Hybrid, ‘NHSmail News’, calendar federation and platform clean-up of inactive accounts.

  • LA Bulletin - 4 June 2018

    Latest information on NHSmail service including General Data Protection Regulation (GDPR), Microsoft Exchange 2013 ‘extended’ support, last Portal release, blocked accounts on NHSmail, account deletions, O365 Hybrid, Microsoft Windows 10 operating system licences with Advanced Threat Protection (ATP) and general service information – reminders.

  • LA Bulletin - 1 May 2018

    Latest information on NHSmail service including General Data Protection Regulation (GDPR), last Portal release, resource mailboxes, Office 365 Hybrid – Azure Active Directory, anti-spoofing, Data Security and Protection Toolkit (DSPT), Microsoft Outlook calendar settings and BT Domain Name Service (DNS) change.

User Communications

  • Security improvements are being made this week to the way that incoming emails are processed by NHSmail. From now on, spoof emails sent over the internet will be redirected to your junk email folder.

    A spoof email is one that is sent from a source which imitates the @nhs.net email address but is not from a genuine @nhs.net application or service.

    You are therefore advised to regularly check the ‘Junk Email’ folder within your mailbox, including any shared mailboxes that you manage, to see whether any emails are diverted there that still need to be received.

    If so, you must contact the sender to advise that they will need to take action to stop ‘spoofing’ @nhs.net. This will ensure future emails are received in the inbox, not junk mail.

    If you are notified by a colleague that you are spoofing, you should speak to your organisation’s IT team to discuss your options referencing the spoofing guide.

    The next phase in this security update will be to block these emails completely. This is expected to take place in early spring 2019 and we will confirm exact dates nearer the time.

    More help and support on securing patient data is available from NHS Digital’s Data Security Centre. Details are also available on our online Data Security Awareness training.

    Keep your NHSmail account active

    Inactive accounts are now being regularly deleted from the NHSmail Service, in line with the Data Retention and Information Management Policy .

    To ensure your account remains active, please remember to change your password every 90 days and if you move organisations ensure your account moves with you within 30 days.

  • Our annual user satisfaction survey is back up and running, following the issues we have been experiencing with the high volume of users simultaneously trying to access it. The survey is now open until Wednesday 24 October 2018. Apologies for the inconvenience this may have caused.

    At NHSmail, we're always trying to improve and build upon our current service to ensure it's working in the best possible way for you.

    To do this, we want to know what works and what doesn't work for you.

    Please set aside 5-10 minutes to complete our short survey and tell us about how you want to use the service.

    The survey is anonymous and open to anyone who uses an NHSmail email account and closes at 5pm Wednesday 24 October 2018.

    Thank you for helping us shape the future of NHSmail.

    If you cannot find this communication, please email feedback@nhs.net for a link to the survey.

  • We would love for you to be involved in shaping the future!

    NHSmail is evolving to bring you the best digital collaboration tools possible, so we want to know how you use technology at work and where you would most like to see improvement in the digital services available to you.

    Have your say by taking part in this short survey.

    To ensure the best experience of your current NHSmail account, and to keep your account active, please remember to look after your account responsibly. Here are some reminders to help you:

    Further help is available on the portal help pages.

    Thank you for helping us shape the future of NHSmail.

  • Details of the all-user broadcast on GDPR can be found in the ‘GDPR’ section of the Portal (found under Help>Policy and Guidance>GDPR>GDPR guidance for the NHSmail Live Service – England).

  • Self-service password reset function and hide your personal mobile number from public view


    If you cannot access your NHSmail account and wish to reset your password, you can do this yourself rather than contacting your Local Administrator. This means you can access your account anytime out of hours rather than waiting for your Local Administrator to be available.

    To use this functionality, you must:

    • have a mobile number set within the ‘Profile’ section of the NHSmail Portal (this mobile number can be hidden from the NHS Directory / People Finder if you don’t want it to be visible)
    • know the answers to your security questions

    Adding a mobile number to your profile

    1. Log into your account at www.nhs.net by clicking on 'Login' in the top right-hand corner of the page, use your current NHSmail credentials normally

    2. Click on Profile

    3. Enter your mobile number in the field provided

    4. Tick the box if you wish to have your mobile number hidden. (The NHSmail helpdesk and your Local Administrator will still have access to this number for account administration purposes only).


    Reviewing your security questions

    1. Click on the ‘Security Questions’ tab within the ‘Profile’ page, shown above.

    2. If you wish to change the questions and answers displayed, please follow the on-screen instructions.

    3. Once you are happy, please click on the ‘Save’ button.

    Further guidance on setting security questions and editing your profile is available within the support pages.

    Using self-service password reset

    If you have forgotten your password, you can use the self-service password reset feature within the Portal.

    1. Go to the NHSmail Portal at www.nhs.net.

    2. Click on 'Login' in the top right-hand corner of the page.

    3. On the standard login screen, you should click on the ‘Forgotten Password? Click here’ link:


    4. Next, you will be asked to enter an email address for verification. Enter your NHSmail email address (nhs.net email) into the box provided and click on the ‘Next’ button.

    5. You will now be asked to answer two of your security questions by providing the correct characters at a requested position within your three security answers. When complete, click on the ‘Next’ button and you will shortly receive a temporary password to use with your account via SMS message to your registered mobile device.

    6. Return to www.nhs.net and login using your NHSmail email address and the temporary password that you have received. You will be asked to change your password immediately to something of your own choosing. Refer to the section below regarding choosing a new password to help guide you with the password complexity requirements for NHSmail.

    Further guidance about the self-service password reset procedure is available via the Portal help pages. button.

  • Use secure passwords

    Changing your password

    Your NHSmail password expires every 90 days for security reasons.

    1. Go to the NHSmail Portal at www.nhs.net.

    2. Click on 'Login' in the top right-hand corner of the page and login using your current NHSmail credentials normally.

    3. Click on ‘Profile’:


    4. Click on ‘Change Password’:


    Further guidance about changing your password is available via the support pages.

    Choosing and remembering secure passwords

    For your password to be valid it must contain the following:
    • Your password must NOT include your username (pre-fix of your email address).
    • It must contain a mix of three out of the following four character types:
      • Uppercase letters (A-Z)
      • Lowercase letters (a-z)
      • Numbers (0-9)
      • Symbols (!"£$%^&*)
    • It must be 8 or more characters long.
    • It cannot be any of your four previous passwords.
    • Spaces or commas cannot be used.

    If you receive an error when attempting to change your password, check that it meets the requirements listed above and try again.

    You should choose a password that is memorable to you but not easily guessable.

    Please use the guidance below to ensure your password remains secure. Choosing ‘guessable’ passwords puts your NHSmail account at risk:

    • Don't use a word or phrase of special importance to you like a birthday or family member’s name.
    • Don't include your username or elements of your email address in your password.
    • Choose something that is memorable to you that others won’t know.
    • Ensure the upper and lower-case mix of letters is included within your password but not next to each other e.g. eXamplepAssword.
    • Don’t ever share your password with anyone – not even the helpdesk.
    • Never use the same password across multiple accounts or sites that require authentication.

    To change your password, please follow the guidance available in the above section on using the self-service password reset function.

    Additional considerations

    If you access NHSmail using several different methods (e.g. Outlook, mobile phone, tablet), you must update to your new password on each device that is configured to store the password, to prevent your account from becoming locked.

    Note, this can only be used if an account is not locked. If your account is locked, you will need to contact either your local helpdesk or the NHSmail helpdesk, to get it unlocked and the password changed, if required.

  • Never send personal / patient / sensitive data to the NHSmail national helpdesk

    When raising a call with the NHSmail national helpdesk please ensure you do not accidentally include patient or sensitive data when sending them information. For example, do not send:

    • emails that have inappropriate attachments when forwarding examples of email issues
    • screen shots with personal data contained within them
    • information containing dates of birth, names and / or addresses
    • CVs and application forms

    The NHSmail helpdesk follows a strict information governance procedure if this occurs, but you should take responsibility for the data you have access to and ensure it is not accidentally shared with inappropriate recipients.

  • Populate or update your personal details in the NHS Directory

    Your user profile contains contact information that is provided when your NHSmail account is created. This information is displayed in the NHS Directory to enable colleagues to find you and make contact.

    You can edit your personal contact details, e.g. if your mobile number changes or if you want to add a personal description for yourself by logging into your account at www.nhs.net and selecting the ‘Profile’ tab.


    Full guidance on updating your profile can be found within the Portal user guide Portal user guide.


Downloading and viewing communications

Some of the links above will open a new tab in your browser, displaying the communication as a PDF. If you want to download the communication to your computer, right-click on the link and click 'Save Target As' or 'Save Link As' (depending on your browser). This will enable you to choose where you want to save the file.

Dates in previous communications

Dates in previous communications are subject to change. For the most up to date information on NHSmail, please see the Service Status page