Hi All,

Greetings for the day !!!

In last article we discussed about Customer lockbox – Microsoft 365 – Customer lockbox is enabled for Microsoft Teams: Important feature for large tenants or more requests for Microsoft Support – Part 1 – https://knowledge-junction.in/2022/05/24/microsoft-365-customer-lockbox-is-enabled-for-microsoft-teams-important-feature-for-large-tenants-or-more-requests-for-microsoft-support-part-1/

In this article we will discuss bit more about Customer lockbox related PowerShell cmdlet and audit logging feature

Take away from this article

• What is Microsoft Purview
• PowerShell to Approve / Deny / Cancel Microsoft Purview Customer Lockbox
• Audit Logs for Customer Lockbox Request
• Searching Audit logs for Customer Lockbox requests from Microsoft Purview compliance portal
• Searching Audit logs for Customer Lockbox requests using PowerShell

Details :

• Microsoft 365 Customer lockbox is now Microsoft Purview Customer Lockbox
• Microsoft Purview –
  • Microsoft 365 compliance is now called Microsoft Purview and the solutions within the compliance area have been rebranded
  • Combines the capabilities of the former Azure Purview and the Microsoft 365 Compliance portfolio, providing unified data governance and risk management for your organization
  • Enables easy access to all your data, security, and risk solutions
  • Helps safeguard and manage sensitive data across clouds, apps, and endpoints
  • Manages end-to-end data risks and regulatory compliance
  • Microsoft Purview brings together data governance from Microsoft Data and AI, along with compliance and risk management from Microsoft Security
  • For more details on Microsoft Purview please visit – The future of compliance and data governance is here: Introducing Microsoft Purview

PowerShell to Approve / Deny / Cancel Microsoft Purview Customer Lockbox

• In previous article we discussed how to Approve / Deny Microsoft Purview Customer Lockbox request from admin center
• We could also Approve / Deny Microsoft Purview Customer Lockbox request using PowerShell cmdlet – Set-AccessToCustomerDataRequest

Set-AccessToCustomerDataRequest
   -ApprovalDecision <AccessToCustomerDataApproverDecision>
   -RequestId <String>
   [-Comment <String>]
   [<CommonParameters>]

Where 
Values for "ApprovalDecision" are
- Approve
- Deny
- Cancel

• Example

Set-AccessToCustomerDataRequest -ApprovalDecision Approve -RequestId EXSR987654 -Comment "Kindly please approve this request"

Audit Logs for Customer Lockbox Request

• As discussed in previous article, Audit record related to Customer Lockbox request is logged to Microsoft 365 audit log
• When our respective admin Approve / Deny Customer Lockbox request “Set-AccessToCustomerDataRequest” auditing activity is logged
• We can access respective audit logs from “audit log search tool” in Microsoft Purview compliance portal

Searching Audit logs for Customer Lockbox requests from Microsoft Purview compliance portal

• Log in to Microsoft Purview compliance portal – https://compliance.microsoft.com/homepage

• From the left pane – under “Solutions” click on “Audit” link
• We will be navigating to – “Audit log search page” – https://compliance.microsoft.com/auditlogsearch?viewid=Test%20Tab

• Set the search criteria
  • Start date / End date
  • Users – leave this field blank
  • File, folder or site – leave these field blank
  • Activities – select – Customer Lockbox activities – Set-AccessToCustomerDataRequest

Searching Audit logs for Customer Lockbox requests using PowerShell

• We could also search Audit logs with PowerShell cmdlet using – Search-UnifiedAuditLog

Search-UnifiedAuditLog -StartDate xx/xx/xxxx -EndDate xx/xx/xxxx -Operations Set-AccessToCustomerDataRequest

• Here, please note in above PowerShell cmdlet operations parameter is – Set-AccessToCustomerDataRequest

Microsoft 365 Roadmap ID : 86910

Thanks for reading!!! Please feel free to discuss in case any questions / suggestions / thoughts !!!

HAVE A GREAT TIME AHEAD !!! LIFE IS BEAUTIFUL 🙂