3.1 Ensure the customer lockbox feature is enabled

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

View Next Audit Version


Customer Lockbox is a security feature that provides an additional layer of control and transparency to customer data in Microsoft 365. It offers an approval process for Microsoft support personnel to access organization data and creates an audited trail to meet compliance requirements.


Enabling this feature protects organizational data against data spillage and exfiltration.


Administrators will need to grant Microsoft access to the tenant environment prior to a Microsoft engineer accessing the environment for support or troubleshooting.


To enable the Customer Lockbox feature:

Navigate to Microsoft 365 admin center https://admin.microsoft.com.

Click to expand Settings then select Org settings.

Select Security & privacy tab.

Click Customer lockbox.

Check the box Require approval for all data access requests.

Click Save.

To set the Customer Lockbox feature to enabled using PowerShell:

Connect to Exchange Online using Connect-ExchangeOnline.

Run the following PowerShell command:

Set-OrganizationConfig -CustomerLockBoxEnabled $true

Default Value:

Require approval for all data access requests - Unchecked

CustomerLockboxEnabled - False

See Also