Customer Lockbox for Microsoft Azure alternate email notifications (public preview)

Note

To use this feature, your organization must have an Azure support plan at the Developer level or higher.

Customer Lockbox for Microsoft Azure is launching a new feature that lets customers use alternate email IDs to receive Customer Lockbox notifications. This lets Customer Lockbox for Microsoft Azure customers receive notifications when their Azure account is not email enabled, or when they have a service principal defined as the tenant admin or subscription owner.

Important

This feature only enables Customer Lockbox notifications to be sent to alternate email IDs. It does not enable alternate users to act as approvers for Customer Lockbox requests.

For example, Alice has the subscription owner role for subscription X, and she adds the email address of Bob, who has a reader role, as the alternate email/other email in her user profile. When a Customer Lockbox request is created for a resource scoped to subscription X, Bob receives the email notification, but he cannot approve or reject the Customer Lockbox request because he does not have the required privileges for it (subscription owner role).

Prerequisites

To take advantage of the Customer Lockbox for Microsoft Azure alternate email feature, you must have:

  • A Microsoft Entra ID tenant that has Customer Lockbox for Microsoft Azure enabled on it.
  • A Developer or above Azure support plan.
  • Role Assignments:
    • A user account with Tenant admin/privileged authentication administrator/User administrator role to update user settings.
    • [Optional] Subscription owner or the new Azure Customer Lockbox Approver for Subscription role if you’d like to approve/reject Customer Lockbox requests.

Set up

Here are the steps to set up the Customer Lockbox for Microsoft Azure alternate email feature.

  1. Access the Azure portal.

  2. Sign in with a user account that has tenant/privileged authentication administrator/User administrator role privileges.

  3. Search for Users on the home page.

  4. Search for the user for whom you want to add an alternate email address.

    Note

    The user must have tenant admin/subscription owner/Azure Customer Lockbox Approver for Subscription role privileges to act on Lockbox requests.

  5. Select the user, then select Edit properties.

  6. Navigate to the Contact Information tab.

  7. Select Add email under the 'Other emails' category, then select Add.

  8. Enter the alternate email address in the text field and select Save.

  9. Select the Save button in the Contact Information tab to save the updates.

  10. The Contact Information tab for this user should now show the updated information with the alternate email.

  11. Whenever a Lockbox request is triggered and the above user is identified as a Lockbox approver, the Lockbox email notification is sent to both the primary and other email addresses. The notification states that Microsoft Support is trying to access a resource within the tenant and that the recipient should sign in to the Azure portal to approve or reject the request.

Known Issues

Here are the known issues with this feature:

  • Duplicate emails are sent if the values for the primary and other email are the same.
  • Notifications are sent to only the first email address in 'other emails', even when multiple email IDs are configured in the other email field.
  • If the primary email is not set, and the other email is set, two emails are sent to the alternate email address.
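
The following is an added example, not Microsoft's code: it checks exported user records for the three known issues above and predicts which addresses a Lockbox notification would reach. It assumes records shaped like Microsoft Graph user objects, with `mail` as the primary email and `otherMails` holding the portal's 'Other emails' values; the sample users are constructed.

```python
# Added example: predicts Lockbox notification recipients from a user's email
# settings, following the behaviour and known issues documented on this page.
# Assumption: "mail" is the primary email and "otherMails" is 'Other emails'.

def predict_notifications(user):
    """Return (recipients, findings) for one user record."""
    # Assumption: addresses are compared case-insensitively.
    primary = (user.get("mail") or "").strip().lower()
    others = [m.strip().lower() for m in (user.get("otherMails") or [])
              if m and m.strip()]
    recipients, findings = [], []
    if primary:
        recipients.append(primary)
    if others:
        first = others[0]
        recipients.append(first)
        if not primary:
            # Known issue: no primary email, so the alternate gets two emails.
            recipients.append(first)
            findings.append("no-primary-duplicate")
        elif first == primary:
            # Known issue: identical primary and other email, duplicates sent.
            findings.append("same-address-duplicate")
        if len(others) > 1:
            # Known issue: only the first 'other emails' entry is notified.
            findings.append("ignored:" + ",".join(others[1:]))
    if not recipients:
        findings.append("no-notification-address")
    return recipients, findings

SAMPLE_USERS = [  # constructed sample data, not real accounts
    {"userPrincipalName": "alice@contoso.example", "mail": "alice@contoso.example",
     "otherMails": ["bob@contoso.example", "carol@contoso.example"]},
    {"userPrincipalName": "svc-owner@contoso.example", "mail": None,
     "otherMails": ["ops@contoso.example"]},
    {"userPrincipalName": "dave@contoso.example", "mail": "dave@contoso.example",
     "otherMails": ["Dave@contoso.example"]},
]

def audit(users):
    """Map each userPrincipalName to its predicted recipients and findings."""
    return {u["userPrincipalName"]: predict_notifications(u) for u in users}

if __name__ == "__main__":
    for upn, (recipients, findings) in audit(SAMPLE_USERS).items():
        print(upn, recipients, findings or "ok")
```

Receiving a notification does not make a recipient an approver, so any address this reports still needs its owner's role checked separately.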
