Merge pull request #275778 from msmbaldwin/patch-33

prmerger-automator[bot] · web-flow · commit 9f6dcc752f62 · 2024-05-22T17:00:13.000Z
Update customer-lockbox-overview.md
diff --git a/articles/security/fundamentals/customer-lockbox-overview.md b/articles/security/fundamentals/customer-lockbox-overview.md
@@ -132,7 +132,7 @@ We introduced a new baseline control ([PA-8: Determine access process for cloud
 
 Customer Lockbox requests are not triggered in the following scenarios:
 
-- Emergency scenarios that fall outside of standard operating procedures. For example, a major service outage requires immediate attention to recover or restore services in an unexpected or unpredictable scenario. These “break glass” events are rare and, in most instances, do not require any access to customer data to resolve.
+- Emergency scenarios that fall outside of standard operating procedures and require urgent action from Microsoft to restore access to online services or to prevent corruption or loss of customer data. For instance, a major service outage or a security incident demands immediate attention to recover or restore services under unexpected or unpredictable circumstances. These "break glass" events are rare and, in most cases, do not necessitate access to customer data for resolution. The controls and processes governing Microsoft's access to customer data in core online services align with NIST 800-53 and are validated through SOC 2 audits. For further information, refer to the [Azure security baseline for Customer Lockbox for Microsoft Azure](/security/benchmark/azure/baselines/customer-lockbox-for-microsoft-azure-security-baseline).
 - A Microsoft engineer accesses the Azure platform as part of troubleshooting and is inadvertently exposed to customer data. For example, the Azure Network Team performs troubleshooting that results in a packet capture on a network device. It is rare that such scenarios would result in access to meaningful quantities of customer data. Customers can further protect their data through the use of Customer-managed keys (CMK), which is available for some Azure service. For more information see [Overview of Key Management in Azure](key-management.md).
 
 External legal demands for data also do not trigger Customer Lockbox requests. For details, see the discussion of [government requests for data](https://www.microsoft.com/trust-center/) on the Microsoft Trust Center.
