Local Organisations are required to carry out a number of pre-requisite checks and actions to ensure they are technically prepared for the migration to Exchange Online, by Summer 2020. Information on technical readiness for other Office 365 workloads will be made available in due course.
Failure to complete these actions may prevent users from accessing NHSmail after the migration.
If you are not responsible for ensuring configurations are current, please cascade this information to your respective IT Director/Head of IT to ensure all of the pre-requisite tasks are acknowledged, reviewed and completed.
To download a pre-requisites checklist and to acknowledge your organisation is taking action, please populate your NHSmail email address below and submit to download the checklist
Technical Pre-requisites:
Please review the technical pre-requisite material outlined below and work with your CIO/IT Director to ensure that each area is properly assessed, and necessary actions planned.
Additional communications and supporting transition materials will be provided in due course. This will include extra details around the new features, the user migration journey and functional changes to NHSmail.
For now, please focus on working with your CIO to ensure technical migration readiness for your local organisation. For any transition related queries, please contact [email protected].
| Pre-requisite Items | Items |
| Browser, Outlook, OS & Mobile Versions | Functionality is impacted if the browser, Outlook, OS or Mobile version is outdated/unsupported |
| Transport Layer Security | Any machine or application utilising TLS 1.0-1.1 will fail authentication and will not connect to O365 post migration |
| Transition Network – TN (formerly known as N3) / HSCN & Local Internet Bandwidth | Exchange Online connectivity must be established via an internet connection and local bandwidth must be suitable to support email and Office 365 traffic |
| Local Network Settings | Organisations using local internet may have restrictions on their firewalls or web proxies for connectivity to Office 365 |
Supported Browser, Outlook, OS and Mobile Versions (HIGH IMPACT)
Pre-requisite
Older client systems will need to be upgraded to access NHSmail. A full list of supported Browsers, Outlook client versions, Mobile and Desktop Operating systems is shown below. These are accurate at the time of writing.
Impact
The following clients won’t be supported with NHSmail once users have moved to Office 365 which starts in Summer 2020:
IE 8,9,10
Older versions of Chrome, Firefox and Safari
Outlook 2010 or older
Windows XP and 7
Older Versions of Android and iOS
What action do I need to take?
Make sure systems used to access NHSmail are using supported software versions.
Supported Browser Versions
| Table 1 – Minimum browser versions |
| Windows: Microsoft Edge, Internet Explorer 11 (with latest update), latest version of Mozilla Firefox, or latest version of Google Chrome |
| Mac OS X: Apple Safari 10+ or latest version of Google Chrome |
Supported Outlook Versions
| Table 2 – Supported Outlook Versions |
| Outlook 2019 |
| Outlook 2016 |
| Outlook 2013 with SP1 (until extended support end date – (11/04/2023) |
| Outlook 2010 with SP2 (Ensure the correct patches are also applied – more information here)
Note: (Support for Office 2010 ends on October 13, 2020. This means Microsoft will no longer provide technical support or software and security updates from that date. Microsoft will not take any active measures to block the Office client from connecting to Office 365 services however clients may encounter performance and/or reliability issues over time. If you haven’t already begun to upgrade your Office 2010 environment, we recommend you start now.) |
| Outlook for Macintosh – Office for Mac2016 |
Supported OS Versions
| Table 3 – Supported OS Versions |
| Windows 10 |
| Windows 8.1 |
| Mac OS X 10.10 and later |
Supported Mobile Devices
| Table 4 – Minimum Mobile Device OS Requirements |
| A phone or tablet with Android 5.0 or later |
| An iPhone, iPad, or iPod touch with iOS 10.0 or later |
Transport Layer Security Authentication
Pre-requisite
Microsoft plan to discontinue Transport Layer Security (TLS) versions 1.0 and 1.1 in Office 365. When TLS 1.0 and 1.1 are disabled, no access will be possible from devices or clients that do not support TLS 1.2.
Impact
Any machine or application utilising TLS 1.0 or 1.1 (i.e. Windows XP and older Windows 7 machines) will fail authentication and will not connect to Office 365 services, including Exchange, post migration.
What action do I need to take?
All client machines and applications using NHSmail must support TLS 1.2.
Transition Network (TN)/HSCN and Local Internet Bandwidth
Pre-requisite
Organisations that currently use TN/HSCN to access NHSmail – after a user is migrated, they will automatically be directed to access their mailbox over the Internet via DNS. Organisations should ensure they have sufficient Internet bandwidth suitable to support using NHSmail.
Impact
Exchange Online connectivity must be available via an internet connection.
What action do I need to take?
Organisations using TN/HSCN for NHSmail connectivity will need to ensure access is available via the internet to Exchange Online. Organisations will need to ensure their internet bandwidth is sufficient to support email traffic over the internet. Please work with your local network specialist to understand current bandwidth utilisation and expected future volumes. Whatever bandwidth you currently have on TN/HSCN to support using NHSmail should be equivalent to accessing it over the Internet. Microsoft guidance and tooling can be used to support this activity.
Key variables to consider, but not limited to, are:
- The peak and average number of client computers in use
- The type of task each client computer is performing
- The performance of your Internet browser software
- The performance of your Outlook desktop client
- Your company’s network topology and the capacity of the various pieces of network hardware
Required Firewall and Proxy Server Changes for Exchange Online Service
Pre-requisite
Network updates, such as firewall or web proxy changes may be required to support Exchange Online access.
Impact
Organisations may have restrictions on their firewalls or web proxies for connectivity to Office 365.
What action do I need to take?
Review Firewall restrictions, URL/IP address lists, hard coded DNS entries, web proxy configurations and configure rules accordingly. Based on the organisation’s network design, the following changes are required in the firewall and proxy server to facilitate Office 365 Exchange Online deployment. The proxy servers must be configured to allow the below service URLs outbound access.
The IPs and service endpoints listed are specific to Exchange Online. However, organisations must consider configuring their firewall and proxy servers for other Office 365 services as per following links provided by Microsoft (Office 365 IP Address and Office Endpoints).
Note that Microsoft may remove or add IP address ranges and URLs periodically, please ensure this is checked regularly by the Trust IT Department and any firewall/networking/proxy rules are updated accordingly. Failure to comply with this may result in connectivity issues to NHSmail.
| Source (From) | Destination (To) | Port or Protocol |
| Client Computers |
outlook.office.com outlook.office365.com *.outlook.com *.outlook.office.com attachments.office.net *.protection.outlook.com r1.res.office365.com r3.res.office365.com r4.res.office365.com 13.107.6.152/31 13.107.18.10/31 13.107.128.0/22 23.103.160.0/20 40.92.0.0/15 40.107.0.0/1640.96.0.0/13 40.104.0.0/15 52.96.0.0/14 52.100.0.0/14 52.238.78.88/32104.47.0.0/17 131.253.33.215/32 132.245.0.0/16 150.171.32.0/22 191.234.140.0/22 204.79.197.215/32 |
443 TCP
80 TCP |
| Any devices requiring access to SMTP to send email |
smtp.office365.com 13.107.6.152/31 13.107.18.10/31 13.107.128.0/22 23.103.160.0/20 40.96.0.0/13 40.104.0.0/15 52.96.0.0/14 131.253.33.215/32 132.245.0.0/16 150.171.32.0/22 191.234.140.0/22 204.79.197.215/32 |
587 TCP |
| Any devices requiring access to IMAP or POP3 to retrieve email |
*.outlook.office.com outlook.office365.com 13.107.6.152/31 13.107.18.10/31 13.107.128.0/22 23.103.160.0/20 40.96.0.0/13 40.104.0.0/15 52.96.0.0/14 131.253.33.215/32 132.245.0.0/16 150.171.32.0/22 191.234.140.0/22 204.79.197.215/32 |
993 TCP 995 TCP |
Important Notes
- Office 365 uses Messaging Application Programming Interface (MAPI) over HTTP for communication between Exchange Online and the Outlook clients. This is slightly different to the Remote Procedure Call (RPC) over HTTP (Outlook Anywhere) that is currently being used by NHSmail. As outlined in the pre-requisite section, in order for MAPI to function supported, supported Outlook versions must be in use and must be communicating with Exchange Online over the Internet as opposed to TN / HSCN
- Exchange ActiveSync will be used during the migration to ensure email is replicated to mobile devices. In some scenarios, users may be required to reconfigure email on their mobile device. This will depend on whether their specific device model supports auto-update of mailbox locations via ActiveSync
- Both Local Administrator (LA) and End User communications will be provided throughout the transition to minimise disruption. Guidance material will be made available via the NHSmail Support Site, including a transition guide and links to appropriate Microsoft training material. Please review the LA bulletins for regular programme updates.
