Manage Customer Lockbox requests
After enabling Customer Lockbox, it's important to understand how to handle access requests, assign approvers, and maintain transparency with auditing.
Approve or deny a Customer Lockbox request
Customer Lockbox requests occur when a Microsoft engineer needs access to resolve an issue. Use these steps to review and respond to a request:
Sign in to the Microsoft 365 admin center with an account that has the Customer Lockbox access approver role.
Go to Support > Customer Lockbox Requests.
Review the list of Customer Lockbox requests.
Select a request to view its details, including the service name, start time, and duration.
Select Approve or Deny based on your organization's policies.
A confirmation message about the approval of the Customer Lockbox request displays.
If approved, Microsoft engineers receive access only for the specified duration, and their actions are logged for auditing.
Important
If you take no action, the request expires after 12 hours, and Microsoft engineers aren't granted access.
Auditing Customer Lockbox requests
All actions related to Customer Lockbox requests are logged, including approvals, denials, and activities performed by Microsoft engineers. Use the Microsoft Purview compliance portal to access these records:
Sign in to the Microsoft Purview portal with the appropriate permissions.
Navigate to Solutions > Audit > Search.
Configure the search criteria:
Date and time range (UTC): Specify the range for the events you want to review.
Activities: Leave this field blank to ensure all activities, including those related to Customer Lockbox, are included in the results.
Users: Leave this field blank.
File, folder, or site: Leave this field blank.
Select Search to queue the query. The status of your search will update to show its progress. Once the status shows "Complete," select your search to view and review the results.
Review the results:
Sort the Activity column to find records labeled Set-AccessToCustomerDataRequest. These records indicate actions taken by approvers in your organization for Customer Lockbox requests.
Alternatively, sort the Users column to locate records for Microsoft Operator, which represents activities performed by Microsoft engineers after a request was approved.
Select a record to view detailed information about the action.
Export audit records
You can export search results for further analysis. After running the search, on the search results page, select Export to save the audit log as a CSV file. Use this file to filter and sort Customer Lockbox-related activities in tools like Excel.
Exported logs allow compliance teams to maintain records and conduct more in-depth analysis using tools like Excel or Power BI.
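The review described above can also be scripted against the exported CSV. The following is an added example, not Microsoft's code: it separates approver actions (Set-AccessToCustomerDataRequest) from Microsoft Operator activity and flags operator activity that has no approver action before it in the export. The column names CreationDate, UserId and Operation, the timestamp format, and the sample rows are assumptions; adjust them to the header of your exported file.

```python
import csv
import io
from datetime import datetime

# Assumed column names of the exported CSV; change to match your file's header.
COL_TIME, COL_USER, COL_ACTIVITY = "CreationDate", "UserId", "Operation"
APPROVER_ACTIVITY = "Set-AccessToCustomerDataRequest"  # activity name from the page
OPERATOR_USER = "Microsoft Operator"                   # user label from the page

# Constructed sample rows standing in for an exported audit log.
SAMPLE_CSV = """CreationDate,UserId,Operation
2025-03-01T08:55:00Z,alice@contoso.example,ExampleUnrelatedActivity
2025-03-01T09:00:00Z,approver@contoso.example,Set-AccessToCustomerDataRequest
2025-03-01T09:20:00Z,Microsoft Operator,ExampleOperatorActivity
2025-02-27T14:05:00Z,Microsoft Operator,ExampleOperatorActivity
"""

def parse_time(value):
    # Assumes ISO 8601 UTC timestamps; only second precision is kept.
    return datetime.strptime(value.strip()[:19], "%Y-%m-%dT%H:%M:%S")

def lockbox_timeline(csv_file):
    """Return (approver_actions, operator_actions, unmatched_operator_actions)."""
    approvals, operator = [], []
    for row in csv.DictReader(csv_file):
        event = (parse_time(row[COL_TIME]),
                 row[COL_USER].strip(),
                 row[COL_ACTIVITY].strip())
        if event[2].lower() == APPROVER_ACTIVITY.lower():
            approvals.append(event)
        elif event[1].lower() == OPERATOR_USER.lower():
            operator.append(event)
    approvals.sort()
    operator.sort()
    first_action = approvals[0][0] if approvals else None
    # Operator activity with no approver action before it in this export:
    # widen the search date range or follow up on these records.
    unmatched = [e for e in operator
                 if first_action is None or e[0] < first_action]
    return approvals, operator, unmatched

if __name__ == "__main__":
    groups = lockbox_timeline(io.StringIO(SAMPLE_CSV))
    for label, events in zip(("approver", "operator", "UNMATCHED"), groups):
        for when, user, activity in events:
            print(f"{label:9} {when:%Y-%m-%d %H:%M} {user} {activity}")
```

To run it on a real export, pass an opened file instead of the sample, for example `lockbox_timeline(open("export.csv", newline="", encoding="utf-8-sig"))`, where the file name is a placeholder.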
By auditing these logs, you can verify that Customer Lockbox requests are processed according to your organization's policies and maintain an accurate record of access activities.