Mobile Configuration Guide for NHSmail

Similar documents
NHSmail and mobile devices overview

NHSmail mobile configuration guide Apple iphone

NHSmail mobile configuration guide Android mobile devices

Exchange 2010 ActiveSync: Connection

1. What are the System Requirements for using the MaaS360 for Exchange ActiveSync solution?

ONE Mail Direct for Mobile Devices

Exchange ActiveSync Configurations for GroupWise

Information Systems. Connecting Smartphones to NTU s System

Rocket Mail Smartphone Configuration Guide. Version 2.0

How to wipe personal data and from a lost or stolen mobile device

How Do I Remove My Office 365 Account From An iphone, ipad or ipod Touch?... 1

Android support for Microsoft Exchange in pure Google devices

Exchange ActiveSync (EAS)

MelbourneOnline Hosted Exchange Setup

Quick Start and Trial Guide (Mail) Version 3 For ios Devices

CHAPTER 1 Exploring Mobile Devices with IMail 1

Office of Information Technology Connecting to Microsoft Exchange User Guide

Business mail 1 MS OUTLOOK CONFIGURATION... 2

How to configure your mobile devices post migrating to Microsoft Office 365

Synchronization Center

NHSmail mobile configuration guide NotifySync V4.7 for Blackberry

Android Support on Galaxy Nexus, Nexus S, and Motorola Xoom for Microsoft Exchange Policies

User Self-Administration

Hodges Office 365 (Student )

Microsoft Outlook Phone Set Up

Windows Phone 8 Device Management Overview

UNIFIED COMMUNICATIONS POST-MIGRATION INSTRUCTIONS

BlackBerry Enterprise Service 10. Universal Device Service Version: Administration Guide

Faculty & Staff: Office 365 Migration

BlackBerry Universal Device Service. Demo Access. AUTHOR: System4u

Setup Guide-Mobility ActiveSync Hosted Exchange Configuration

Setup Guide-Mobility. ActiveSync Hosted Exchange Configuration

Mobile Device Management and Security Glossary

GO!Enterprise MDM Device Application User Guide Installation and Configuration for ios with TouchDown

Mobile Iron User Guide

Administration Guide. BlackBerry Enterprise Service 12. Version 12.0

Information Technology Services. Your mailbox is moving to the cloud. Here is what to expect.

April 14. Product Suite. one_mail, one_storage, one_archive, one_sync, one_mobile. Version 2.1 Client Services

Microsoft Exchange Information Services and Security Policies Supported by Android 2.2

BlackBerry Enterprise Service 10. Secure Work Space for ios and Android Version: Security Note

ConnectMail Mobile Configuration

GO!Enterprise MDM Device Application User Guide Installation and Configuration for BlackBerry

Sophos Mobile Control User guide for Apple ios. Product version: 4

Commack UFSD Remote Access for Microsoft Windows Vista, 7 and 8 Apple Macs, ipads, iphones And Android devices

Installing Logos SSL Certificates on Mobile Devices

Frequently Asked Questions & Answers: Bring Your Own Device (BYOD) Policy

Rockets Smartphone Configuration. Spring 2012 Edition

IceWarp Unified Communications. ActiveSync Guide. Version 11.4

Security Guide. BlackBerry Enterprise Service 12. for ios, Android, and Windows Phone. Version 12.0

Sophos Mobile Control User guide for Apple ios. Product version: 2 Document date: December 2011

User Guide. Time Warner Cable Business Class Cloud Solutions Control Panel. Hosted Microsoft Exchange 2007 Hosted Microsoft SharePoint 2007

Apple Mail Outlook Web Access (OWA) Logging In Changing Passwords Mobile Devices Blackberry...

Kaspersky Security 10 for Mobile Implementation Guide

MOBILE DEVICE CONFIGURATION GUIDE ActiveSync

Managing iphones, ipads, and Androids with Exchange ActiveSync. Presented by Val Hetrick

Business . Setup guide

GO!Enterprise MDM Device Application User Guide Installation and Configuration for Android with TouchDown

Sophos Mobile Control Administrator guide. Product version: 3.6

Q. I use a MAC How do I change my password so I can send and receive my ?

MobileConnect. Getting Started Guide

Fus - Exchange ControlPanel Admin Guide Feb V1.0. Exchange ControlPanel Administration Guide

Sophos Mobile Control Administrator guide. Product version: 3

Symantec Mobile Management 7.2 SP3 MR1 Release Notes

GO!Enterprise MDM Device Application User Guide Installation and Configuration for Android

BTC STUDENT GUIDE

Feature List for Kaspersky Security for Mobile

[BRING YOUR OWN DEVICE POLICY]

Answers to these questions will determine which mobile device types and operating systems can be allowed to access enterprise data.

Students Mobile Messaging Registration & Configuration

Android App User Guide

Sophos Mobile Control Startup guide. Product version: 3

Novell Filr. Mobile Client

iphone in Business Security Overview

User Guide. BES12 Self-Service

Sophos Mobile Control User guide for Android

Ensuring the security of your mobile business intelligence

Mobility Manager 9.5. Users Guide

Version 1.3. Kaspersky Lab FOR INTERNAL USE ONLY

iphone in Business How-To Setup Guide for Users

Vodafone Hosted Services. Getting your . User guide

Thank you for using Synapse Hosted Exchange service. Please find the instructions for setting up your clients are below:

Configure SLC to Smartphone/ Tablet

PORTLANDDIOCESE.ORG - How to Connect Table of Contents

Feature Matrix MOZO CLOUDBASED MOBILE DEVICE MANAGEMENT

Sophos Mobile Control User guide for Android. Product version: 4

How to... Access your University Staff on your Android device

GREEN HOUSE DATA. Services Guide. Built right. Just for you. greenhousedata.com. Green House Data 340 Progress Circle Cheyenne, WY 82007

Configuring an Android device to access Staff Wi-Fi and .

Quick User Guide. The KLZ Home Page

Sophos Mobile Control Startup guide. Product version: 3.5

Business mail 1 MS OUTLOOK RECONFIGURATION DUE TO SYSTEM MIGRATION... 2

Toll Free: International:

Kaspersky Lab Mobile Device Management Deployment Guide

Symantec Mobile Management Suite

Windows Phone 8.1 Mobile Device Management Overview

Username: Password: your password. Domain Name: EXCH026. Server Name: EAST.EXCH026.serverdata.net

PolyU Connect Mobile Connection. Setup Guide

Grapevine Mail User Guide

BlackBerry Link for Windows. Version: User Guide

Mobile Device Management Version 8. Last updated:

Transcription:

Mobile Configuration Guide for NHSmail Version 2.0 October 2016

Glossary of Terms Term / Abbreviation Encryption at rest What it stands for Data stored in phone (handset) storage is encrypted and can only be read with the secret key needed to decrypt it. If a device does not have encryption at rest, data could be read if copied. Page 2 of 15 Copyright September 2016 NHS Digital

Contents 1 NHSmail and mobile devices overview 4 1.1 Purpose of Document 4 2 Mobile device configuration 5 3 Protecting a Mobile Device 6 3.1 Making NHSmail more secure on mobile devices 6 3.2 NHSmail mobile device security policies 8 4 Compatible Mobile Devices 9 4.1 Android 9 4.2 Apple 10 4.3 Blackberry 11 4.4 Nokia 11 4.5 Windows Mobile 12 5 Email encryption using NHSmail on a mobile device 12 5.1 Mobiles that support encryption at rest and other security policies 12 5.2 Apple iphone 4, 5, 5s, 6, 6s, 7 & ipad 12 5.3 Windows Mobile devices with operating system 6.1, 6.5, 8, 8.1 and 10 13 5.4 Windows Mobile 7 13 5.5 Blackberry configured with ActiveSync (e.g. Blackberry Z10 running OS10) 13 5.6 Blackberry with NotifySync 4.7 or higher installed 13 5.7 Blackberry with AstraSync 4.2 or higher installed 13 5.8 Android devices 14 5.9 Nokia 14 6 Frequently Asked Questions 14 Page 3 of 15 Copyright September 2016 NHS Digital

1 NHSmail and mobile devices overview 1.1 Purpose of Document Target Audience: End users of NHSmail who wish to access the service via a mobile device The NHSmail service provides features for mobile users such as wireless synchronisation of the calendar and always on email. Key features at a glance: You will receive any new or updated item as soon as it arrives on the NHSmail server there is no need to set up a synchronisation schedule. Email, calendar items, contacts, and tasks can be synchronised over the air with the device no need to synchronise the calendar or contacts on your mobile with your PC. Security features are automatically applied to devices that are able to support security policies, e.g. an automatic screen lock after the device has been inactive for 20 minutes; self-service device password reset and remote wipe facility if the handset is lost or stolen. The service is available on different devices including Windows Mobile, Nokia, Blackberry, Android, Apple iphone 4 / 5 / 6 and ipad. Supports flags enabling you to manage your email and flag items for later action. Rich HTML mail for mobile devices renders tables, fonts, formatting and images on the mobile device. You can control whether you want to view HTML or plain text email. Many bandwidth saving features help reduce costs and the time taken to deliver data over slow wireless networks. Forward, reply, or reply-all to a meeting request. You can set up out of office from your mobile device. Easy setup for most devices all you need to know is your email address and password. Note: Exchange ActiveSync does not support shared mailboxes or delegate access. It is important to remember that receiving data on your device may incur a financial cost to you or your organisation. You may wish to set your device to manually update. Check with your organisation for more information regarding data plans and tariffs. Important: should you wish to use either a personal device to connect to NHSmail, or a mobile device that cannot be encrypted or allow the policies to be applied, please ensure you have approval from your own organisation to ensure compliance with local information governance policies. Page 4 of 15

Devices that have been modified by techniques such as Jailbreaking or Rooting should never be connected to NHSmail as the security/integrity of the device cannot be guaranteed. Devices should be kept up to date with the latest software available via the manufacturer. 2 Mobile device configuration This guide does not provide configuration information for individual device types. For full guidance on each device type please refer to your manufacturer s instruction guide on setting up your email account. The table below provides a brief overview of configuration information for a selection of devices. Device Configuration Windows Phone 7 Windows Phone 8, 8.1, 10 Nokia mobile devices Apple iphone 4, 5, 6, 7 and ipad Blackberry devices with operating system (OS) 7.1 or earlier running AstraSync / NotifySync software Blackberry with operating system (OS) 10 and ActiveSync Android with Touchdown Windows Mobile 7 devices do not support encryption at rest. Windows Mobile 7 devices do not include any option to encrypt data held on the device therefore it should not be used to access your NHSmail account if you intend to transmit or receive patient or other sensitive data. Uses the 'Autodiscover' feature so the user will only have to type in their email address and password. Use the Autodiscover feature so the user will only have to type in their email address and password (version 2.7 or higher). Nokia Mail for Exchange must be downloaded and installed on the device. Uses the 'Autodiscover' feature so the user will only have to type in their email address and password. Manual settings / Autodiscover Older Blackberry models (7.1 or earlier) can only be configured with NHSmail if either AstraSync or NotifySync software is purchased and installed. Please refer to your handset provider to check your device operating system version. Devices running OS10 do not need third party software before configuration with NHSmail. Most Blackberry OS10 devices were released in 2013, e.g. the Blackberry Z10 or Q10. Please refer to your handset provider to check whether your device runs OS10. Blackberry with OS10 uses the 'Autodiscover' feature so the user will only have to type in their email address and password. Note: encryption will need to be enabled manually on the device. Older Android devices do not include the encryption at rest capability and third party Symantec Touchdown software must be installed prior to configuration. Page 5 of 15

Android with native email client Newer Android devices do include an encryption at rest capability. Android devices have built-in ActiveSync client which will allow connection to Exchange. There is a significant data leakage risk with versions of Android below version 6 (Android 6 Marshmallow) that could allow any app on the device to access and covertly export the mail data. Configuration guides (click to follow links): Set up email on Windows Phone running: Windows Phone 7 and Windows Phone 8 Set up email on Windows Phone 10 Set up email on iphone, ipad, or ipod Touch Set up email on an Android Only devices which support the Exchange Active Sync protocol and have inbuilt encryption at rest capability should be connected to NHSmail. See manufacturer websites for further information. For those devices that require manual configuration, the following settings are required: Configuration ActiveSync Server URL ActiveSync Domain Name Username Password Set as: eas.nhs.net <leave blank> <your NHSmail email address> <your NHSmail password> 3 Protecting a Mobile Device 3.1 Making NHSmail more secure on mobile devices If you have a mobile device set up to access NHSmail, you may notice a range of security features are automatically applied to it. This is to minimise the risk of data loss. Security features include: An encrypted connection between the mobile and the NHSmail service. Implementation of a password to access it. A limit on the size of email attachments that can be downloaded. A remote-wipe facility, meaning that the data held on the mobile can be deleted if it is lost or stolen. Page 6 of 15

In addition, some mobiles automatically encrypt the data they contain at rest - in other words the data held on the phone is encrypted and can only be read after the phone is unlocked by the user, preventing access should it be lost or stolen. Encryption at rest is automatically enabled on connection to NHSmail on those devices that support this feature. It is important that sensitive or patient identifiable data isn t held on any mobiles that don t have a built-in encryption at rest capability or those where encryption at rest cannot be remotely enabled. It is a mandatory Department of Health requirement that only encrypted devices carry such data. Email encryption using NHSmail is covered later in this document. If your mobile isn t listed in the Compatible Mobile Devices section of this document, please contact your local IT helpdesk for further guidance before it is used to hold or transmit sensitive or patient identifiable information. Page 7 of 15

3.2 NHSmail mobile device security policies Once you have set up your device to work with NHSmail, a security policy will be applied. The default NHSmail security policy is: Category Policy Setting NHSmail policy Loss Protection Password required Minimum password length Maximum inactivity time lock Four characters 20 mins Maximum fail password attempts 1 Eight Password expiration (the duration a password can be kept before the user is forced to choose a new password) Password history (the number of new passwords that must be used before the system allows an old password to be reused) Policy refresh interval Unlimited 0 1 hour Data aggregation Maximum attachment size 2 10240 KB Maximum e-mail body truncation size 64 KB Maximum HTML e-mail body truncation size Unlimited Maximum e-mail age filter 1 month Encryption Enforces encryption at rest on devices that support this feature? 1 The phone will be automatically wiped of all NHSmail data and restored to its default factory settings after the last failed attempt. Refer to the device s manufacturer guide for non-nhsmail data (photos, documents) stored on the device. 2 This size only applies to a mobile device. Attachments over this size will be received by your NHSmail mailbox. Page 8 of 15

Once the policies have been applied to the device they can only be removed by performing a factory reset (format) of the device. If the policies aren t applied to your device, you must inform your local IT helpdesk to ensure you are not in breach of local information governance policies. Your organisation has the ability to set a different mobile device policy. Please contact your local helpdesk if you find you have a different policy on your device and wish to query this. 4 Compatible Mobile Devices The tables below lists the device version used to connect to NHSmail and whether or not the device supports encryption at rest. If the device does not support encryption at rest, you should be aware of your Information Governance requirements. If you need further information on the types of encryption at rest the device supports, please contact the manufacturer. Please be aware that the Microsoft Outlook mobile app does not work with NHSmail as it uses a different configuration. Instead, email should be accessed via the mail feature on your mobile device. Note: the list provided below is not a complete list of every device on the market. If you have a device that cannot be matched to the information in this guide, please contact the device manufacturer for further information. 4.1 Android DeviceUserAgent Device / application Android 6.0 (Marshmallow) and later Android - Marshmallow Supports encryption at rest? Page 9 of 15

4.2 Apple DeviceUserAgent Device / application Supports encryption at rest? Apple-iPhone3C1/AppleiPhone3C2 iphone 4 Apple-iPhone4C1 iphone 4GS Apple-iPhone5C1/ Apple-iPhone5C2 Apple-iPhone5C3/ Apple-iPhone5C4 Apple-iPhone6C1/ Apple-iPhone6C2 Apple-iPhone7C1/ Apple-iPhone7C2 Apple-iPhone8C1/ Apple-iPhone8C2 Apple-iPad2C1/ Apple-iPad2C2/ Apple-iPad2C3 and later Apple-iPod3C1/ Apple-iPod4C1/ Apple-iPod5C and later iphone 5 iphone 5C iphone 5S iphone 6 iphone 6+ iphone 7 iphone 7+ ipad and ipad 2 ios 4.3 and later ipod Touch 2nd generation, ios 4 and later Please check with your device manufacturer should you have any concerns. Page 10 of 15

4.3 Blackberry DeviceUserAgent Device / application Supports encryption at rest? BlackBerry/5.2.200 AstraSync BlackBerry/5.2.200 UNTRUSTED/1.0 NotifySync/4.7 NotifySync/4.8 NotifySync/4.9 NotifySync/4.10 And later RIM-PlayBook/2 And later RIM-Z10 RIM-Z30 RIM-Q5 RIM-Q10 And later NotifySync Blackberry Activesync Blackberry Activesync but encryption must be manually switched on by the user but encryption must be manually switched on by the user Note: only AstraSync version 4.2 or above supports encryption at rest. The version isn t defined in the DeviceUserAgent field on the Local Administrator (LA) report; therefore user checks will be required. AstraSync intend to correct this in future software releases. Please check with your device manufacturer should you have any concerns. 4.4 Nokia Nokia devices with the Symbian Operating System (OS) are compatible with NHSmail and support encryption at rest. Encryption must be manually switched on by the user. Please check with your device manufacturer should you have any concerns. Page 11 of 15

4.5 Windows Mobile DeviceUserAgent Device / application Supports encryption at rest? MSFT-WP/7 Windows Mobile 7 No MSFT-WP/Microsoft Windows CE 7 WindowsMail/ OutlookMail/ Windows Mobile 8, 8.1 and 10 encryption may have to be manually switched on by the user. Please check with the manufacturer Note: any version greater than 5.2.23090 but less than 7.x refers to Windows Mobile 6.5.3 or Windows Mobile 6.5.5 devices 5 Email encryption using NHSmail on a mobile device 5.1 Mobiles that support encryption at rest and other security policies The following mobiles automatically encrypt the data at rest and automatically apply the NHSmail security features: Apple iphone 4/5/6/7/ and the Apple ipad. Blackberry with NotifySync 4.7 or higher installed users which already have it installed can continue using it, but for new devices it is not required. Blackberry with AstraSync 4.2 or higher installed - users who already have it installed can continue using it, but for new devices it is not required. Blackberry OS 10 and greater (e.g. Z10). Windows Mobile 6.1-6.5, 8, 8.1 and 10. Android devices with Symantec Touchdown installed - users who already have it installed can continue using it, but for new devices it is not required. Nokia devices (Symbian OS). Vendors are continually releasing new products. Any new mobile device must have the built-in capability to encrypt the data and implement the security policy requirements to connect to NHSmail. 5.2 Apple iphone 4, 5, 5s, 6, 6s, 7 & ipad Help from Apple to identify the model of iphone you are using. All ipad versions include encryption at rest which is enabled by default and cannot be disabled. Page 12 of 15

5.3 Windows Mobile devices with operating system 6.1, 6.5, 8, 8.1 and 10 Help from Microsoft to identify the model of Windows Mobile device you are using. 5.4 Windows Mobile 7 Windows Mobile 7 devices do not currently support encryption at rest and should not be used for handling sensitive or patient identifiable data. 5.5 Blackberry configured with ActiveSync (e.g. Blackberry Z10 running OS10) Currently the encryption at rest capability on these devices requires manual activation. You must ensure that you are aware of information governance policies enforced by your local organisation regarding the requirement to encrypt the memory of any portable device. Disabling the security features of your mobile handset may mean you do not comply with local policies and could result in disciplinary action. 5.6 Blackberry with NotifySync 4.7 or higher installed The Blackberry running NotifySync version 4.7 physically encrypts the data at rest. Once NotifySync has been installed on the Blackberry it means that there will be two encryption options available the encryption at rest built into the Blackberry handset (native encryption) and encryption at rest written into the NotifySync software. When running NotifySync to connect to NHSmail, native encryption at rest should NOT be switched on. If it is switched on, Contacts and Calendar will not sync and only access to email will be available. 5.7 Blackberry with AstraSync 4.2 or higher installed The Blackberry running AstraSync 4.2 or higher encrypts data at rest. Once AstraSync has been installed on the Blackberry it means that there will be two encryption at rest options available the encryption at rest built into the Blackberry handset (native encryption) and encryption at rest written into the AstraSync software. When running Astrasync to connect to NHSmail, native encryption at rest should NOT be switched on. If it is switched on, Email, Contacts and Calendar will not sync correctly and could corrupt. Page 13 of 15

5.8 Android devices Android devices with Symantec Touchdown installed can continue using it, but it is not required for new encrypted devices. Newer Android devices do include an encryption at rest capability. 5.9 Nokia On these devices the model number is printed in the top right hand corner on the front of the device. Currently the encryption at rest capability on these devices requires manual activation. You must ensure that you are aware of the information governance policies enforced by your local organisation regarding the requirement to encrypt the memory of any portable device. Disabling the security features of your mobile handset may mean you do not comply with local policies and could result in disciplinary action. 6 Frequently Asked Questions What does mobile device mean does it include laptops or computers used away from work? No, it means mobile phones, handsets or tablets that can be used to make phone calls as well as connect to NHSmail. Your organisation should have policies in place outlining how to keep information secure when accessed on laptops or other computers outside of your organisation. What will happen if my mobile device cannot be encrypted and doesn t meet the policy requirements? You will be able to connect to NHSmail but must not hold any sensitive or patient identifiable data on the device. It is a mandatory Department of Health requirement that only encrypted devices carry such data. If you are unsure as to whether you should continue to use your mobile device with NHSmail, you should check with your organisation. What about Google Android phones? Users who already have Symantec Touchdown installed can continue using it, but for new devices it is not required. Android supports encryption at rest after version 6.0. What is the policy on connecting personal devices with NHSmail? Page 14 of 15

You must obtain approval from your own organisation to use a personal device with NHSmail to ensure you comply with your local information governance requirements. If my device does not support encryption at rest does this mean that if I use it to transmit data via email it is not secure? When we talk about encryption at rest, we are referring to the security (encryption) of the data that is held on a device. When the data is transmitted it is encrypted between the handset and NHSmail service, even if the device used to send it is not an encrypted device. It is Cabinet Office and NHS policy to not store any personal data on non-encrypted devices. Page 15 of 15

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information