Step-By-Step: Enabling Customer Lockbox in Office 365

  • Article

Security is always top of mind for IT Professionals.  With more people demanding access to data (via smartphones, tablets, etc), IT Professionals have been challenged in providing secure seamless access. Some have been looking to cloud services to address this need but require assistance as to where to begin. The first question usually asked is:

"Who really has access to my organization's data stored in the cloud?"

IT Professionals, and the organizations they support, understandably want to have full control in regards to who has access to their content stored in in the cloud. Office 365 provides a great first step of security enablement strategies and recently Eric Ivankovich and I sat down to discuss said security attributes:

Customer Lockbox, mentioned in the above video, provides Office 365 administrators with control over their organizations data.  This solution can address situations where Office 365 Administrators need explicit control, in rare instances,  when a Microsoft engineer is needed to access said data to resolve an issue.  The process to enable this is as follows:

Step 1: Enabling Customer Lockbox

  1. Sign in to Office 365 with the required admin account

  2. Navigate to the Office 365 admin center
     

  3. In the Service settings page, navigate to Customer Lockbox
     

  4. Slide the toggle to On to enable lockbox requests

At this point, should the Office 365 Administrator not be able to resolve and issue via troubleshooting, they can initiate a Microsoft support request.

Step 2: Approve Open Customer Lockbox requests

  1. Navigate to the Office 365 admin center 
     

     
  2. Go to Support > Customer Lockbox Requests
     
  3. View all issued support requests
     
  4. Select Approve located beside the desired customer lockbox request and select Yes to accept
     
    NOTE: Select Deny located beside the desired customer lockbox request should the request need to be disabled. Access is automatically revoked should the request is not approved or denied in the span of 12 hours.

Once approved, the Microsoft support engineer receives the approval message and proceeds to login to Exchange Online to address the specified issue. The customer lockbox request is closed once the issue is fixed and access is then revoked.

Customer lockbox can be enabled via a Office 365 E5 plan or via a separate customer lockbox subscription on any Office 365 Enterprise plan.