Enable Customer Lockbox: Role for Least Privilege | Microsoft 365 Security Administration Exam
Question
You are planning to turn on Customer Lockbox requests in your tenant.
What role is needed to enable Customer Lockbox for your organization? You must use the principle of least privilege.
Answers
Explanations
Click on the arrows to vote for the correct answer
A. B. C. D.Correct Answer: C
The least privileged role with permission to enable Customer Lockbox for your organization is the Customer LockBox access approver-role.
You can enable Customer Lockbox in the Office 365 admin center, Settings, Org Settings, Security and Privacy.
Select Customer LockBox and choose “Edit”:
/answer/imgckeditor_12.png)
Option A is incorrect.
The Global Administrator is allowed to turn on Customer LockBox, but it is not the least privileged alternative.
Option B is incorrect.
Security Admin does not have permission to turn on Customer LockBox.
Option D is incorrect.
Privileged role administrator does not have permission to turn on Customer LockBox.
To know more about turning on Customer Lockbox, please refer to the link below:
Customer Lockbox is a feature in Microsoft 365 that allows customers to control access to their content in Microsoft datacenters. When an engineer needs access to a customer's data to resolve a support issue, the customer must approve the request before Microsoft grants the engineer access. This ensures that the customer maintains control over their data and can decide who can access it.
To enable Customer Lockbox for your organization, you need to have the Customer LockBox access approver role. This role allows you to approve or deny requests from Microsoft engineers to access customer data.
It's important to note that the principle of least privilege should be followed when granting roles and permissions. The principle of least privilege is a security concept that states that a user should be given the minimum level of access necessary to perform their job functions.
The Global Administrator and Privileged Role Administrator roles have full access to all features and data in the tenant. These roles should only be granted to users who require them to perform their job functions. The Security Administrator role has access to security-related features and data, but not necessarily Customer Lockbox.
Therefore, the correct answer is C. Customer LockBox access approver. This role allows the user to enable Customer Lockbox while adhering to the principle of least privilege.