How to Enable Customer LockBox in Azure?

Azure Customer Lockbox feature which will help a customer to control how a Microsoft support engineer is going to access customer data.

By design, this feature is enabled so you do not need to do anything.


  1. You have an issue with your Azure workload.
  2. You try to troubleshoot the issue, but can’t fix it.
  3. Open a case from the Azure Portal. The ticket is assigned to an Azure Customer Support Engineer.
  4. An Azure Support Engineer reviews the service request.
  5. If the support engineer can’t troubleshoot the issue by using standard tools and telemetry, the next step is to request elevated permissions by using a Just-In-Time (JIT) access service.
  6. When the request requires direct access to customer data, a Customer Lockbox request is initiated.
  7. The request is now in a Customer Notified state, waiting for the customer’s approval before granting access.
  8. At the customer organization, the user who has the owner role for the Azure subscription receives an email from Microsoft, to notify about the pending access request.

Then, you will be able to:

  • Approve: Access is granted to the Microsoft engineer. The access is granted for a default period of eight hours.
  • Deny: The elevated access request by the Microsoft engineer is rejected and no further action is taken.

Thanks for reading! You can follow me on Twitter @PrigentNico

About Nicolas 282 Articles
I work as an IT Production Manager, based in Paris (France) with a primary focus on Microsoft technologies. I have 10 years experience in administering Windows Servers. . I am a Microsoft MVP for Cloud & Datacenter Management. I also received the PowerShell Hero 2016 award by PowerShell.0rg. And finally, I am "MCSE: Cloud Platform and Infrastructure", "MCSA: Windows Servers", "Administering & Deploying SCCM", and CheckPoint CCSA certified.