Microsoft Office 365 Announces Customer Lockbox

Last month at RSA, the information security-related conference, Microsoft Office 365 announced Customer Lockbox. Customer Lockbox is a new capability designed to provide customers with more control over their content in Office 365. Customer Lockbox is designed to give customers full control for instances when a Microsoft engineer may need access to your content to resolve your customer issues.

Office 365 has put in effort to maximize data security and privacy for their customers. Office 365 says “we have engineered the service to require nearly zero interaction with customer content by Microsoft employees”. Nearly all of the service operations that are performed by Microsoft are fully automated. Our human involvement is controlled heavily and is focused away from customer content. So only in rare cases, like when Microsoft employees are troubleshooting a customer issue with mailboxes or document content does a Microsoft engineer have any reason to access customer content in Office 365.

Microsoft engineers are not allowed access to any service operation. All access is granted through a meticulous access control technology called Lockbox. Lockbox enforces access control through multiple levels of approval within Microsoft, giving just-in-time access with limited and time-bound authorization. In addition, all access control activities in the service are logged, and audited.

With this new security announcement, Microsoft is bringing customers into the Lockbox approval process for instances that involve access to customer content. Using the Customer Lockbox feature will ensure that Microsoft engineers will not get access to your content without your explicit approval. Once you get a request for access, you can either approve or reject the request from Microsoft engineers, and until the request is approved the Microsoft engineer will not be granted access.

Microsoft is trying to achieve unequivocal transparency for their security and privacy that customers can put their trust in. Launching Customer Lockbox is a big step in gaining the trust of more customers. As an Office 365 customer you can manage your activity logs and easily have them integrated into customer security monitoring systems.

Microsoft is saying that Customer Lockbox will be available for Exchange Online by the end of 2015, and for SharePoint Online by the first quarter of 2016.

How would you feel if your organizations private information was being leaked?

We know Edward Snowden as the computer professional that leaked information from the National Security Agency (NSA) to the mainstream media, to the tune of around 200,000 “Top Secret” and even more restrictive “Special Intelligence” stamped documents.

Now what if an individual or group of hackers leaked your organizations private information? How would that effect you and your non-profit?

Customer Lockbox was created to help minimize and even stop security issues before they have the chance to start. Having full control over access to your content through the customer lockbox service is a powerful feature. Opening up specific privileges that are necessary for Microsoft engineers to help you resolve your issue will eliminate a lot of headaches.

How do you think this new security and privacy feature will do, in making you feel more comfortable as an office 365 customer?

Do you currently have any security and privacy issues your organization needs help with? Let us know, we can help!