“Customer Lockbox” –This terminology was something new to me until I heard it at Microsoft Tech Summit this year. There was a session which I was attending on Office 365 and the speaker was talking about this feature. Sadly, only a few folks in the room were aware of it and I was one among those who hadn’t heard that term before.
Anyway, now that I’m aware of it, I decided to write an article on it so that my readers will get to understand about this cool feature in Office 365 and they can start using it in their Office 365 tenants.
So what is Customer Lockbox?
To put it in simple words, it’s a feature that’s available in Office 365 to ensure that there’s zero interaction by Microsoft on your contents that’s saved in Office 365 (i.e. SharePoint Online, Exchange Online, Skype for Business Online etc…)
Roughly around couple of years back Microsoft had come up with this feature to maximize data security and privacy for Office 365 customers by ensuring that there’s zero interaction with the customer’s content by Microsoft engineers.
Almost all the service operations performed by Microsoft are either fully automated so there is no human interaction, or the human involvement is abstracted away from the customer’s content that’s stored in Office 365.
Only during some circumstances where something is broken in your tenant and you raise a support case for that, Microsoft engineers access your content to fix it. So with this feature, Microsoft enforces access control through multiple levels of approval, providing just-in-time access with limited and time-bound authorization. In addition to that, all access control activities performed by the Microsoft engineer does gets logged and audited.
The below mentioned image depicts the complete approval process
So with this feature, Microsoft has given their assurance to its customers that their content will not be accessed by Microsoft employees without their explicit approval. It brings customers into the access approval process, requiring the customer to provide explicit approval of access to their content by a Microsoft employee for service operations.
Now that we have understood about this feature, let's take a look on how this complete process works ….
Let’s consider a scenario wherein something is broken in SharePoint Online or Exchange Online and you raised a support case for that. The engineer, upon reviewing your request, feels that he/she might need access to your Exchange/SharePoint Online content to fix it .So this is how the process flows when you have Customer Lockbox turned on in your tenant.
- Administrators in the customer’s Office 365 environment are notified via email that there is a request for access, as shown in the image below.
- In addition to this, the Office 365 Admin Center portal will also display requests that have been submitted to the customer for approval, as shown in the image below.
- You, as an Office 365 administrator, can approve or reject Customer Lockbox requests. Check the image below where you get the option to approve or reject a request.
- Microsoft can only proceed following approval of a Customer Lockbox request. See the image below where the customer has approved a request by the engineer.
- If a customer rejects a Customer Lockbox request, no access to customer content will occur.
Note
Customer Lockbox requests have a default lifetime of 12 hours after which they expire. Expired requests do not result in access to customer content.
Enabling Customer Lockbox in the Office 365 admin center
- Sign in to Office 365 admin center
- Go to the Office 365 admin center.
- Navigate to Settings > Security & privacy and scroll to locate Customer Lockbox
- Click Edit and move the toggle on or off to turn lockbox requests on or off.
Approve or deny a Customer Lockbox request in the Office 365 Admin Center
- Sign in and go to the Office 365 Admin Center.
- Navigate to Settings > Support > Service requests.
- Select a customer lockbox request, and then select "Approve" or "Reject".
- This is how the view looks in the new Office 365 Admin Center. Check the image below.
How to get Customer Lockbox for Office 365?
Customer Lockbox for Office 365 will be available as part of a new premium Office 365 Enterprise Suite called E5.
Thanks for reading this post ….I hope you will enable this feature in your Office 365 Admin Center, which gives an extra layer of security to your contents in Office 365.