Azure Lockbox Helps Customers Control Data Access by Microsoft

• Customer Lockbox for Azure allows customers to approve or deny access to their Azure data by Microsoft support personnel.
• There is no charge for Customer Lockbox for Azure, but customers must have an applicable Azure support plan to take advantage of it.
• Azure Lockbox could be useful for organizations to help ensure they’re meeting regulatory compliance requirements.
• While many Azure services are supported with Lockbox for Azure, not all services are.

Customer Lockbox for Azure (formally Customer Lockbox for Microsoft Azure) is a free feature that enables customers to review and either approve or deny access to their Azure tenancy by Microsoft support staff (and any applicable Microsoft sub-processors) when it’s required. This allows customers to get oversight into when Microsoft staff may require access to their data, control whether that access will be permitted, and ensure that a complete audit trail exists for access. There are limitations in terms of which Azure services work with Customer Lockbox for Azure, although most key services support it. Customers who use Privileged Identity Management (PIM) will need to handle requests carefully, as PIM elevations must occur prior to the request being granted. Lockbox can be useful for customers working with sensitive data that requires additional controls. However, there are also a handful of scenarios where Microsoft admits that Lockbox could be bypassed for emergency or legal reasons.