Summary is as per the title. This is something you'd expect with a large organisation paying another large organisation to secure its data, particularly a service that is used by default for the communication of patient sensitive data. However, to know it can't work you need to try. The last time I tried was late 2025, and I was unable.

The rationale for using a custom email client is straightforward

• Allows for a personal backup of work related emails (this is obviously not okay from a data protection POV)
• Allows for integrations with a number of services to automate routine tasks
• Avoids the use of New Outlook which obviously is aimed at people with a total of seven brain cells

In theory Office 365 (of which NHSMail is based) does allow for third party email clients to connect to its services through a OAuth2 authentication flow.

This is disabled.

It appears there is a mechanism to override this, but you need to be an NHSMail admin (I assume there are none at a organisational/trust level) and indeed there would be no reason for someone to authorise that.

Things that I tried so that you don't have to:

• Using Thunderbird for automated detection, IMAP, POP3 an exchange
• Using the paid-for Thunderbird addon Owl (uses the disabled OAuth2 flow)
• Using eM Client's native connection flow

IMAP and POP3 are also disabled.

There is probably scope to do something clever using PowerAutomate as that exists within the NHSMail 365 account itself but I value my career so I'm not going to take that further.

The above information is probably correct as of late 2025.