Microsoft Unveils Customer Lockbox for Office 365

Written by Dan Kobialka 1
April 23, 2015

Microsoft (MSFT) has introduced Customer Lockbox for Office 365, a new feature that is designed to provide customers with "unprecedented control over their content." What does Customer Lockbox mean for managed service providers (MSPs)? Here's everything you need to know.

Microsoft (MSFT) has introduced Customer Lockbox for Office 365, a new feature that is designed to provide customers with “unprecedented control over their content.” The technology giant announced the new Office 365 capability during this week’s RSA Conference in San Francisco.

Customer Lockbox enforces access control through multiple levels of approval within Microsoft, according to the company. It logs and audits all Office 365 control activities, Microsoft said, and provides just in-time access with limited and time-bound authorization.

In addition, Customer Lockbox requires customers to provide explicit approval of access to their content by a Microsoft employee for service operations.

So what does Customer Lockbox mean for managed service providers (MSPs)? With this new feature, service providers that offer Office 365 could deliver greater security to their customers.

Microsoft said IT administrators in a customer’s Office 365 environment are notified that there is a request for access and can control who can approve or reject Customer Lockbox requests. Customer Lockbox requests also have a default lifetime of 12 hours, after which they expire and Microsoft engineers are unable to access customer content.

“Use of the Customer Lockbox feature ensures that [a] Microsoft engineer does not get access to the customer’s content without [a] customer’s explicit approval,” Vijay Kumar, Microsoft’s senior product marketing manager, and Raji Dani, principal program manager for the Office 365 Security team, wrote in a blog post. “When the customer gets the request for access, they can scrutinize the request and either approve or reject it. Until the request is approved, the Microsoft engineer will not be granted access.”

Customer Lockbox will be available for Exchange Online by the end of the year, Microsoft said, and for SharePoint Online by the first quarter of 2016.

Microsoft plans to provide content-level encryption for email in Office 365 as well.

Rajesh Jha, corporate vice president for the Office 365 team, noted that deploying this feature “will increase the separation of server administration from the data stored in Office 365, resulting in an added layer of security.”

Microsoft’s new content-level encryption for email will be provided in Office 365 by the end of 2015, Jha said.

What are your thoughts on Microsoft’s Customer Lockbox and content-level encryption for email in Office 365? Share your thoughts in the Comments section below, via Twitter @dkobialka or email me at dan.kobialka@penton.com.