Information
Customer Lockbox is a security feature that provides an additional layer of control and transparency to customer data in Microsoft 365. It offers an approval process for Microsoft support personnel to access organization data and creates an audited trail to meet compliance requirements.
Rationale:
Enabling this feature protects organizational data against data spillage and exfiltration.
Impact:
Administrators will need to grant Microsoft access to the tenant environment prior to a Microsoft engineer accessing the environment for support or troubleshooting.
Solution
To enable the Customer Lockbox feature:
Navigate to Microsoft 365 admin center https://admin.microsoft.com.
Click to expand Settings then select Org settings.
Select Security & privacy tab.
Click Customer lockbox.
Check the box Require approval for all data access requests.
Click Save.
To set the Customer Lockbox feature to enabled using PowerShell:
Connect to Exchange Online using Connect-ExchangeOnline.
Run the following PowerShell command:
Set-OrganizationConfig -CustomerLockBoxEnabled $true
Default Value:
Require approval for all data access requests - Unchecked
CustomerLockboxEnabled - False