Sep 02 2020 04:35 AM - edited Sep 02 2020 05:46 AM
Hi
Does anyone know if the Customer Lockbox functionality is possible to apply to partners/users and not just MS - so it applies to B2B? - so the partner can't access the customer's data, (files, emails, etc.)?
The partner has (global) admins rights, so how does one prevent access to the data or at least log it ?
Otherwise, if someone could point to another solution, where GA is blocked?
Sep 02 2020 05:48 AM
Hi, Customer Lockbox is only for Microsoft support I'm afraid.
You can control access to the data using Conditional Access Policies, and / or Privileged Identity Management as per https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-resource-...
Sep 05 2020 12:00 AM - edited Sep 05 2020 12:06 AM
@PeterRising -hmmm... If I could combine the CA with the actual Classification label - it would be great
e.g.
If a document labeled 'Highly confidential' - then no global admin, compliance admin or other privileged role, had access to the document - only the end-users or the group specified in the label had access.
I'm not aware if this can be achieved now? -
I can see this one at the uservoice: https://office365.uservoice.com/forums/928576-microsoft-information-protection-mip/suggestions/19602...
Sep 05 2020 07:59 AM
No there is nothing that will work quite like that just yet I'm afraid. One for the roadmap hopefully.