Customer Lockbox for Office 365

The Office 365 Customer Lockbox service, currently available for Exchange Online, will be available for SharePoint Online and OneDrive for Business in the second quarter of 2016. Customer Lockbox enables customers to approve each and every access to their Microsoft-hosted Office 365 content by Microsoft personnel. However, the service protects content but not all Office 365 data, such as metadata about the content, and it should be combined with additional technologies for the highest levels of data security.

How Customer Lockbox Works

To fix problems with Microsoft software and services, Microsoft engineers sometimes require access to Office 365 data. For example, during a break-fix service request for Exchange Online, engineers may need to look at the content of e-mails stored in Exchange. Before accessing the customer data, the engineers must always receive approval from Microsoft support managers.

On a user account where the Customer Lockbox service has been enabled, a Microsoft engineer must request “two keys” for access, receiving permission (one key) from a Microsoft support manager as well as a second permission (the second key) from a designated customer administrator before receiving temporary rights to access the stored data.