Azure Customer Lockbox feature which will help a customer to control how a Microsoft support engineer is going to access customer data.
By design, this feature is enabled so you do not need to do anything.
Workflow
- You have an issue with your Azure workload.
- You try to troubleshoot the issue, but can’t fix it.
- Open a case from the Azure Portal. The ticket is assigned to an Azure Customer Support Engineer.
- An Azure Support Engineer reviews the service request.
- If the support engineer can’t troubleshoot the issue by using standard tools and telemetry, the next step is to request elevated permissions by using a Just-In-Time (JIT) access service.
- When the request requires direct access to customer data, a Customer Lockbox request is initiated.
- The request is now in a Customer Notified state, waiting for the customer’s approval before granting access.
- At the customer organization, the user who has the owner role for the Azure subscription receives an email from Microsoft, to notify about the pending access request.
Then, you will be able to:
- Approve: Access is granted to the Microsoft engineer. The access is granted for a default period of eight hours.
- Deny: The elevated access request by the Microsoft engineer is rejected and no further action is taken.
Thanks for reading! You can follow me on Twitter @PrigentNico
