Microsoft Entra ID · Security & Compliance
Customer LockBox Access Approver
Can approve Microsoft support requests to access customer organizational data. Critical for controlling Microsoft engineer access.
Scope: Control over Microsoft support engineer access to tenant data
Permissions
- Approve Customer Lockbox requests
- Deny Customer Lockbox requests
- View pending Lockbox requests
- Turn Customer Lockbox feature on/off
- Receive Lockbox request notifications
Common use cases
- Approving Microsoft support access
- Reviewing support request justifications
- Maintaining audit trail of access approvals
- Controlling data sovereignty
- Compliance with data access policies
Best practices
- Review each request carefully
- Verify support case context
- Document approval decisions
- Set up notification alerts
- Have backup approvers available
Security considerations
- This is a PRIVILEGED role - controls external access
- Microsoft engineers cannot access data without approval
- Audit all approval decisions
- Critical for regulated industries
- Consider 24/7 approver availability