Mar 28 2018
- last edited on
May 24 2021
Microsoft documentation notes, "In order to Approve or Deny Customer Lockbox requests, and receive the Customer Lockbox Request email notifications, the user will need either Global Administrator permissions or the Organization Management Role applied through RBAC."
An Organization Management Role group exists in both the Exchange Online Admin Center and the Security & Compliance Admin Center, however they appear to be separate/permissions are not linked.
What Organization Management Role group will receive Customer Lockbox requests, those in the Exchange Admin Org Mgmt group or in the Security & Compliance Org Mgmt group?
I also do not see a specific Lockbox approver role. Are there any plans to add that role?
Mar 28 2018 01:04 PM
Those in the Exchange admin center. As for the Lockbox approval role, it's not exposed in the portal, you will have to manage the assignments via PowerShell:
Get-MsolRole -ObjectId 5c4f9dcd-47dc-4cf7-8c9a-9e4207cbfc91 ObjectId Name Description -------- ---- ----------- 5c4f9dcd-47dc-4cf7-8c9a-9e4207cbfc91 Customer LockBox Access Approver Customer LockBox Access Approver has approval access to user data requests.