Certain staff, such as IT leads, can be granted elevated rights for their surgery. Sometimes staff refer to this as "admin rights". This is not related to any elevated privileges you may have to manage printers or other software within the surgery.
Staff are granted the Local Helpdesk role; which allows everything except creation/deletion of content. These actions continue to be processed through the service desk. Having this access does not require you to manage mailboxes yourself and the service desk is still available to you and surgery staff as normal.
Please note having elevated rights requires you to us the most secure MFA method: Phone app notifications. You cannot use phone app codes or SMS messages etc.
How do I use these rights?
Full documentation is on the NHSmail support pages; however, here as some direct links to articles for common actions/scenarios:
- Add staff to Shared mailboxes as Owner/Members (even if you are not an Owner of the mailbox)
- Member of staff forgets password:Reset password
- Member of staff goes on long-term leave:
- Set automatic reply
- Add colleagues as delegate to monitor the mailbox
- (do this after above) Disable mailbox (prevents login and retains mailbox for up to 18 months - Normally an account will be deleted after 30 days without use)
Multi-Factor Authentication
While all users need MFA for NHSmail, the requirements for those with elevated rights are higher and you can only use "push" phone app notifications. i.e. The following are not acceptable: Time-based One Time Passcodes (codes that change every 30 seconds), SMS codes, voice calls.
To review or update our MFA options visit: https://mysignins.microsoft.com/security-info
Was this article helpful?
That’s Great!
Thank you for your feedback
Sorry! We couldn't be helpful
Thank you for your feedback
Feedback sent
We appreciate your effort and will try to fix the article