Customer Lockbox Check [CHK-1320]
This check verifies if the Customer Lockbox feature is enabled in Microsoft 365.
Rationale
The Customer Lockbox feature triggers an authorization process when a Microsoft engineer requires access to data or systems in the tenant. It is crucial to prevent unauthorized access to sensitive data.
Fix
An automated fix is not available.
To fix it yourself:
- Go to Microsoft Admin
- Choose Settings > Organizational settings > Security & privacy.
- Select Security & privacy and then select Customer Lockbox in the left column.
- Check the box Require approval for all data access requests and save the changes to enable the feature.
Impact
Enabling Customer Lockbox ensures that explicit approval is needed whenever a Microsoft engineer needs access to your data or systems. This prevents unauthorized access to sensitive data.