Announcing Customer Lockbox for Office 365

As a cloud services provider, we recognize that organizations understandably want to have full control over access to their content stored in cloud services. Today at RSA, we announced Customer Lockbox for Office 365, a new capability designed to provide customers with unprecedented control over their content in the service. Customer Lockbox gives customers explicit control in the very rare instances when a Microsoft engineer may need access to customer content to resolve a customer issue.

In our efforts to maximize data security and privacy for Office 365 customers, we have engineered the service to require nearly zero interaction with customer content by Microsoft employees. Nearly all service operations performed by Microsoft are fully automated and the human involvement is highly controlled and abstracted away from customer content. As a result, only in rare cases—such as when troubleshooting a customer issue with mailbox or document contents—does a Microsoft engineer have any reason to access customer content in Office 365.

Microsoft Engineers do not have standing access to any service operation. All access is obtained through a rigorous access control technology called Lockbox. Today, Lockbox enforces access control through multiple levels of approval within Microsoft, providing just-in-time access with limited and time-bound authorization. In addition, all access control activities in the service are logged and audited.

With today’s announcement, we are bringing customers into the Lockbox approval process for instances involving access to customer content. Use of the Customer Lockbox feature ensures that Microsoft engineer does not get access to the customer’s content without customer’s explicit approval. When the customer gets the request for access, they can scrutinize the request and either approve or reject it. Until the request is approved, the Microsoft engineer will not be granted access.



Of course transparency and control are important in achieving trust, and all Customer Lockbox activity will be available to customers via the Office 365 Management Activity logs for easy integration into customer security monitoring and reporting systems.

Customer Lockbox will be available for Exchange Online by the end of 2015, and for SharePoint Online by the first quarter of 2016....


Read more at source: Announcing Customer Lockbox for Office 365 - Office Blogs
 
They probably discovered through an audit that the engineers had too much access and decided to save face and decrease their liability by implementing these controls.
 

My Computers

System One System Two

  • Operating System
    Windows 8.1 Industry Pro x64
    Manufacturer/Model
    HP Pavillion Elite HPE-250f
    CPU
    Intel i7 860 Quad core 2.8 ghz
    Memory
    8 gb
    Graphics Card(s)
    ATI Radeon HD 5770 1 gb ram
    Monitor(s) Displays
    Alienware 25 AW2521HF
    Screen Resolution
    1920x1080 &1680x1050
    Hard Drives
    1 TB x2
    Other Info
    https://www.cnet.com/products/hp-pavilion-elite-hpe-250f/
  • Operating System
    Windows 2012 R2 Data center/Linux Mint
    Manufacturer/Model
    Dell Poweredge T140
    CPU
    i3 9100 3.6GHz, 8M cache, 4C/4T
    Memory
    8GB 2666MT/s DDR4 ECC UDIMM
    Screen Resolution
    1680x1050
    Hard Drives
    1 TB & 360 GB x2
    Other Info
    https://www.dell.com/en-us/work/shop/productdetailstxn/poweredge-t140?~ck=bt
Back
Top