Skip to main content Help with accessibility Skip to main navigation
MLCSU Academy logo

MLCSU Academy
Article number: 53881Last updated: 15-08-2025

NHSnet - Self Help Guidance

We would like to advise/remind you of multiple essential and time saving self-help actions.   

Self-Service Password Resets

You can access the self-service password reset function by following the guidance here  

Automatic Deletion of Inactive Accounts

Most NHS.net mailboxes have a lifecycle. If a mailbox with a password is not logged into via www.nhs.net with its username and password, regularly, it will become deleted after 60 days. It is essential that all user mailbox owners perform this action on a monthly basis.

This will affect mailboxes of staff on long-term leave, such as those on maternity or long-term sickness. Line managers can contact the ML IT Service Desk via the links at the bottom of this communication to request that mailboxes are disabled. Disabled mailboxes will not be deleted for up to 18 months and will still receive emails; however, users will not be able to log in to read these until the mailbox has been re-enabled following Line Manager approval i.e. for KIT days / return to work. 

Important: Mailboxes configured as application accounts for use with systems such as EMIS/Docman, or a device such as a printer/scanner, are not deleted automatically. However, their passwords usually need changing annually.

Accessing Shared User Mailboxes

Your organisation maybe using Shared User mailboxes. These mailboxes are user mailboxes that have a password associated with them, that do not contain a person’s name, and are accessed by multiple people. For normal business activity, users should not be accessing shared user mailboxes directly by use of the password. Users should be accessing such mailboxes through delegate access with their own NHS.net mailbox credentials. The ML IT Service Desk can assist with setting up delegate access for your staff.

Please note, as stated above, there is a requirement for a mailbox owner to log into shared user accounts one a month to the keep the account active. They should log in directly with the password for this sole purpose.

Important: Passwords should generally not be shared with others (except to a limited number to prevent single points of failure, to keep shared user mailboxes active – as discussed above)  Also, if prompted for MFA, users should never share MFA codes to enable others to login to a mailbox directly.

Account Secrets

Account Secrets will be rolled out across the platform to older NHS.net mailboxes that currently have questions and answers set up as security authentication. (Newer nhs.net mailboxes already have account secrets setup). If you receive an email regarding this from NHS.net, to ensure continued uninterrupted access to your NHS.net mailbox, Office 365 applications and resources (e.g. MS Word, MS Excel), you can follow NHS.net guidance here to create an account secret. 

Be Aware of Malicious Emails

Please be aware of SPAM / PHISHING emails that you may receive. NHS.net block millions of unwanted emails each day, but there will always be a small number which make their way through to you.

Please remember to take extra care when opening emails – especially unexpected ones.  We understand that it is becoming ever more difficult to identify phishing emails as they become more sophisticated and look genuine, however some tell-tale signs are:

  • They are sent by an unrecognised sender – although in some cases they can appear to be from someone you know or contain NHS logos.
  • They relate to something that is usually out of the ordinary e.g. HMRC contacting you about a tax return on your work email, or receiving an invoice for payment when this is not part of your role etc.
  • They use poor grammar or contain spelling mistakes.
  • They may request you take urgent action.
  • They may contain a link to an unfamiliar webpage (sometimes containing NHS logo's, etc).
  • They may take you to a website that asks you to confirm login details or to log in. 
  • Ask you to send your Username and Password. Never share your password with anybody.

Please bear all these points in mind when judging whether an email is malicious or not. If you believe an email may be malicious then never open attachments or use the embedded links. (Instead, access the website as you normally would). 

***Malicious emails should be sent to spamreports@nhs.net as an attachment. Further guidance can be found here: https://support.nhs.net/knowledge-base/reporting-cyber-threats. They should then be deleted from your Inbox and then deleted again from your Deleted Items folder.***

Useful Links

ML IT Service Desk Self-Service Portal (Portal Guidance) | AVA Chatbot | Online Request Forms

Additional Guidance

Please refer to the User & Video Guides or the Microsoft 365 page for on the MLCSU Academy for additional guidance.

Please contact the MLCSU IT Training Team if you need any further help.  Email: mlcsu.academy@nhs.net

Tags: Microsoft 365 Microsoft Products NHS Mail

User Guides: