Description
- Type: CUSTOMER
- Severity: WARNING
- Protection against: MISUSE
- CIS: M365 3.1 - (L2) Ensure the customer lockbox feature is enabled
This Customer Check verifies via Secure Score if the Customer Lockbox feature is enabled.
Note: This feature is only available for customers with a Microsoft365 E5 license.
Why this check?
The Customer Lockbox feature activates an authorization process in case a Microsoft engineer needs access to data or systems in the tenant. This may be necessary to investigate and resolve issues, but it is advisable to give explicit approval at those times. This prevents anyone from accessing sensitive data without your knowledge.
CIS Benchmarks
This measure aligns with the following item from the Center for Internet Security (CIS) Microsoft 365 Foundations Benchmark:
- CIS M365 3.1 - (L2) Ensure the customer lockbox feature is enabled
What are the possible outcomes of the check?
This check has two possible outcomes. In Attic, this is reflected as follows:
- Okay: Customer Lockbox is enabled
- Warning: Customer Lockbox is NOT enabled
How should this be followed up?
If the output is Warning , we advise enabling Customer Lockbox.
An administrator will then be notified if a Microsoft Engineer wants access to your environment.
More information on enabling Customer Lockbox can be found here: Customer Lockbox Requests - Microsoft 365 Compliance | Microsoft Docs
Comments
0 comments
Please sign in to leave a comment.