Microsoft Secure Tech Accelerator
Apr 03 2024, 07:00 AM - 11:00 AM (PDT)
Microsoft Tech Community

Organization Management Role & Lockbox Approvals

Steel Contributor

Microsoft documentation notes, "In order to Approve or Deny Customer Lockbox requests, and receive the Customer Lockbox Request email notifications, the user will need either Global Administrator permissions or the Organization Management Role applied through RBAC."


An Organization Management Role group exists in both the Exchange Online Admin Center and the Security & Compliance Admin Center, however they appear to be separate/permissions are not linked.  


What Organization Management Role group will receive Customer Lockbox requests, those in the Exchange Admin Org Mgmt group or in the Security & Compliance Org Mgmt group?


I also do not see a specific Lockbox approver role.  Are there any plans to add that role?

1 Reply

Those in the Exchange admin center. As for the Lockbox approval role, it's not exposed in the portal, you will have to manage the assignments via PowerShell:


Get-MsolRole -ObjectId 5c4f9dcd-47dc-4cf7-8c9a-9e4207cbfc91

ObjectId                               Name                             Description
--------                               ----                             -----------
5c4f9dcd-47dc-4cf7-8c9a-9e4207cbfc91   Customer LockBox Access Approver Customer LockBox Access Approver has approval access to user data requests.