Understanding the Public Preview of Windows 365 Customer Lockbox

Microsoft

As a Cloud PC provider, we recognize that organizations understandably want full control over access to their content stored in cloud offerings. Therefore, as announced during last year’s Ignite, we are excited to roll out the Public Preview of the Windows 365 Customer Lockbox feature.

 

What is Customer Lockbox?

 

Customer Lockbox ensures that Microsoft support engineers cannot access the content in your Cloud PCs to perform service operations without your explicit approval. Customer Lockbox brings you into the approval workflow so that only requests you authorize allow access to your content. For more information about Customer Lockbox as a feature in general, please see the documentation on Microsoft Purview Customer Lockbox.

Please note that Windows 365 Customer Lockbox is only available with an M365 E5 subscription or higher.

 

How to enable Windows 365 Customer Lockbox:

 

Customer Lockbox requests on or off

 

You can turn on Customer Lockbox controls in the Microsoft 365 admin center. When you turn on Customer Lockbox, Microsoft must obtain your organization’s approval before accessing any of your tenants’ content.

  1. Using a work or school account that has the global administrator role, go to https://admin.microsoft.com/ and sign in.
  2. Choose Settings > Org Settings > Security & Privacy
  3. In Security & Privacy, select Customer Lockbox.


 

  4. Once you select Customer Lockbox, a right-hand column will appear. Check the Require approval for all data access request checkbox and press the Save button on the bottom of the column to turn on the feature.


 

 

Submit a Support Ticket for your Windows 365 Cloud PC (CPC)

 

  1. Using a work or school account that has a role assigned or an Azure Active Directory (Azure AD) role that includes the action microsoft.office365.supportTickets, go to https://intune.microsoft.com/ and sign in.
    1. For more information on the specific Azure AD roles that contain the action microsoft.office365.supportTickets, please visit Azure AD built-in roles - Microsoft Entra | Microsoft Learn and search for the action with CTRL + F.
    2. Examples of such roles are Authentication Administrator, Azure Information Protection Administrator, etc.
  2. On the left-hand side, go to Troubleshooting + support and select Help and support to open the full-screen Help and support experience.
  3. Under the title What can we help you with?, select the “Windows 365” option.


 

  4. In the search bar under How can we help?, type “Cloud PC” and select the option “Cannot connect to Cloud PC”.


 

  5. Scroll down and select the “Contact Support” button on the bottom of the screen.


 

  6. Under Contact Support, select “Email”.


 

 

  7. Under description put in
  8. Fill out your number, email address, and consent to recordings of all calls necessary to resolve this service request.
  9. Press the “Contact Me” button on the bottom once everything is filled out.
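
To review which directory roles carry the microsoft.office365.supportTickets action from step 1, and who holds them, here is an added example that is not part of the original post. It works over a constructed export shaped like Microsoft Graph role definitions and role assignments; the IDs, principals and permission lists are made up.

```python
import json

# Action named in step 1; Graph lists it with a "/<entity>/<task>" suffix.
SUPPORT_ACTION = "microsoft.office365.supportTickets"

# Constructed sample shaped like Graph unifiedRoleDefinition / unifiedRoleAssignment
# objects. IDs, principals and permission lists are made up for illustration.
SAMPLE = json.loads("""
{"roleDefinitions": [
  {"id": "role-0001", "displayName": "Authentication Administrator",
   "rolePermissions": [{"allowedResourceActions": [
     "microsoft.directory/users/password/update",
     "microsoft.office365.supportTickets/allEntities/allTasks"]}]},
  {"id": "role-0002", "displayName": "Azure Information Protection Administrator",
   "rolePermissions": [{"allowedResourceActions": [
     "microsoft.office365.supportTickets/allEntities/allTasks"]}]},
  {"id": "role-0003", "displayName": "Directory Readers",
   "rolePermissions": [{"allowedResourceActions": [
     "microsoft.directory/users/standard/read"]}]}],
 "roleAssignments": [
  {"principalId": "user-carol", "roleDefinitionId": "role-0001"},
  {"principalId": "user-alice", "roleDefinitionId": "role-0001"},
  {"principalId": "user-bob", "roleDefinitionId": "role-0003"}]}
""")

def grants(role, action=SUPPORT_ACTION):
    """True if any permission block of the role allows the action namespace."""
    want = action.lower()
    for perm in role.get("rolePermissions", []):
        for allowed in perm.get("allowedResourceActions", []):
            name = allowed.lower()
            # Exact namespace match only, so "supportTicketsFoo/..." is not counted.
            if name == want or name.startswith(want + "/"):
                return True
    return False

def who_can_open_tickets(data):
    """Map each role that grants the action to its sorted assigned principals."""
    roles = {r["id"]: r["displayName"] for r in data["roleDefinitions"] if grants(r)}
    holders = {name: [] for name in roles.values()}
    for assignment in data["roleAssignments"]:
        name = roles.get(assignment["roleDefinitionId"])
        if name is not None:
            holders[name].append(assignment["principalId"])
    return {name: sorted(ids) for name, ids in holders.items()}

if __name__ == "__main__":
    for role, ids in who_can_open_tickets(SAMPLE).items():
        print(f"{role}: {', '.join(ids) or '(no assignments)'}")
```

Roles that grant the action but have no assignments still appear with an empty list, which makes unused but ticket-capable roles visible in a least-privilege review.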

 

Wait for Customer Lockbox request

 

We will process your support ticket request with our Support as a Feature team. Once we go through all the steps, you should receive a Customer Lockbox request email in your inbox for Windows 365 to access your troubleshooting CPC.

An example of a Customer Lockbox request email notification is shown below:

dereksu_6-1706142275435.png

 

 

Approve or deny a Customer Lockbox request

 

  1. Using a work or school account that has either the global administrator or the Customer Lockbox access role assigned, go to https://admin.microsoft.com/ and sign in.
  2. Choose Support > Customer Lockbox Requests


 

  3. A list of Customer Lockbox requests displays.


 

  4. Select the Customer Lockbox request, and then choose Approve or Deny.


 

 

Checking Audit

 

  1. Once just-in-time (JIT) access expires and the troubleshooting ticket is completed, users can go to compliance.microsoft.com and open the audit section to see what was done during the session.


 

 

Additional Resources

 

For more information on Customer Lockbox requests, please see this documentation: Customer Lockbox requests | Microsoft Learn

For more information on submitting support tickets in the Microsoft Intune admin center, please see this documentation: Get support in the Microsoft Intune admin center - Microsoft Intune | Microsoft Learn

 
