Forum Discussion
Taen keren
Sep 02, 2020Steel Contributor
Customer Lockbox for partners
Hi
Does anyone know if the Customer Lockbox functionality is possible to apply to partners/users and not just MS - so it applies to B2B? - so the partner can't access the customer's data, (files, emails, etc.)?
The partner has (global) admins rights, so how does one prevent access to the data or at least log it ?
Otherwise, if someone could point to another solution, where GA is blocked?
Hi, Customer Lockbox is only for Microsoft support I'm afraid.
You can control access to the data using Conditional Access Policies, and / or Privileged Identity Management as per https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-resource-roles-external-users
- Taen kerenSteel Contributor
PeterRising -hmmm... If I could combine the CA with the actual Classification label - it would be great
e.g.
If a document labeled 'Highly confidential' - then no global admin, compliance admin or other privileged role, had access to the document - only the end-users or the group specified in the label had access.
I'm not aware if this can be achieved now? -I can see this one at the uservoice: https://office365.uservoice.com/forums/928576-microsoft-information-protection-mip/suggestions/19602304-conditional-access-policies-for-highly-sensitive-i
No there is nothing that will work quite like that just yet I'm afraid. One for the roadmap hopefully.