Welcome to Auditing Customer Lockbox Requests.

As I mentioned earlier, Customer Lockbox requests get logged in the Microsoft 365 audit log. Using the audit log search tool in the Microsoft 365 Compliance Center allows you to review these logs. 

Now, I do need to point out that before you can do this auditing stuff, you need to set up audit logging, and you need to assign the appropriate permissions for searching the audit log. Since this course isn’t about auditing, I’ll just point you to the URL that you see on your screen for information on setting up basic auditing in Microsoft 365:

Once you’ve got auditing setup, you can use it to audit Customer Lockbox requests – and to do so, browse to https://compliance.microsoft.com, and login with an account that has been assigned the appropriate permissions to search the audit log.

Choose the Audit option in the left pane of the compliance center to display the Audit page, which you can use to perform audit searches.

From here, you can choose the timeframe you want to search, the activities you want to search for, the related users, files, folders, and sites.

Leave the Activities field blank so that the search returns audit records for all activities. You have to leave this blank to return audit records for Customer Lockbox requests and the activity performed by Microsoft engineers.

You should also leave the other fields blank as well.

When you click Search, the results are displayed. 

In the list of results, the audit records with an activity of Set-AccessToCustomerDataRequest are those that are related to an approver in your organization approving or denying a Customer Lockbox request.

You can then, of course, export your results to a CSV file if you need or want to.

So that’s how you audit Customer Lockbox requests.