Enhancing M365 Security Control by Using Customer Lockbox

Nowadays, we are more concerned about security and privacy, regardless of the kinds of services we use in our daily life and work. From bank accounts to homes, from websites to online services, resolving customer issue over remote to planning for a weekend trip, we demand advanced security and protection, and that’s where we can’t compromise. When we talk about advanced and intelligent security, only one service comes to mind: Microsoft. Microsoft delivers the best security features and policies compared to any web solutions. However, when we need additional security to safeguard our data and prevent data leakage, Microsoft offers some extras. We will be discussing one of them, namely Customer Lockbox. So what is Customer Lockbox? Do we really need that? How will it protect our Data? Wait a minute! Lets find out more about Customer Lockbox.

Customer Lockbox It is an advanced security feature offered by Microsoft for enterprise users. It provides global administrators with enhanced control over their tenants and allows them to limit and grant access to the support engineers working on their cases or support tickets. Customers can give consent and set limitations for Microsoft support engineers, specifying whether they have limited or full access to the products they will be working on. This feature is only available in Enterprise E5 plans.

HOW TO TURN ON THE LOCKBOX FEATURE AND APPROVE REQUESTS?

To enable or turn on the Lockbox, first sign in admin.microsoft.com with the global administrator credentials.

• Then from the left-hand side of the admin page, you will find “settings”. Go to settings then select “org settings” and then select “security and privacy”.
• Select the Customer Lockbox option, review the activation terms and conditions after turning it on and then select “Accept”.

Now If you want to check the requests pending in the lockboxes,

• Go to the “Support” option in the Office 365 home admin page
• Select “Customer Lockbox Requests” under support and you will find all the requests sent by Microsoft in Data Access Requests Page

From there, choose a request and indicate whether you want to approve or deny it. Upon confirmation, you will receive a message from Microsoft.

Note: You will also get notified in your outlook account as well regarding the lockbox request. Sign in to the outlook account using the admin ID, open the email sent from Microsoft and you can review the request directly after clicking on the link provided.

HOW IT WORKS?

So first, let’s understand how the lockbox works.

• When you will raise a case to Microsoft regarding your issue, a support ticket gets generated, and a potential Microsoft support engineer gets assigned to solve the problem. The Support Engineer will send you an email asking for the details like tenant name, affected ID, Product, etc.
• The engineer will then enter the lockbox request tool (if activated) to send a data access request that includes tenant details, the support ticket number, the expected start time, the minimum time needed to resolve the query, and information about the product they will work on.
• After that, either the concerned person or the manager will approve the request sent by the support engineer. The customer lockbox will then ask you for approval of the generated request.
• The user is expected to carefully go through the request received and take action accordingly, and if he/she admits the request, the Microsoft support engineer will be granted access for a limited period of time. If the customer rejects the request or doesn’t respond within 12 hours, the request will automatically get expired and become invalid.

KEY FEATURES:

Control: Customer Lockbox in ​Office 365 provides enhanced security and control, allowing you to review and take action if required. It can also restrict access based on the requested limitations.

Audit: Every action and steps performed by Microsoft support engineers are logged inside the Office 365, which helps the user or administrator to monitor and review all the access or actions they have performed.

Time-Limitations: Another key feature is the time limitations, which help users restrict support engineers and ensure the issue is resolved within that time frame.

MFA: To enhance the security more strongly, Microsoft will need the muti factor authentication for all access requests.

As we rapidly evolve in the era of AI tools and other smart cloud solutions, we need enhanced security and protection against any activities conducted.