You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/openshift/howto-use-lockbox.md
+20-34Lines changed: 20 additions & 34 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -1,37 +1,37 @@
1
1
---
2
-
title: Using Azure Lockbox to manage customer data access
3
-
description: In this how-to article, learn how to use Azure Lockbox to review customer data access requests for Azure Red Hat Openshift.
2
+
title: Using Azure Lockbox to authorize support access to Azure Red Hat OpenShift cluster resources.
3
+
description: In this how-to article, learn how to use Azure Lockbox to review support requests to access Azure Red Hat OpenShift cluster resources.
4
4
author: johnmarco
5
5
ms.service: azure-redhat-openshift
6
6
ms.topic: how-to
7
7
ms.author: johnmarc
8
-
ms.date: 10/26/2022
8
+
ms.date: 11/11/2022
9
9
topic: how-to
10
10
keywords: azure, openshift, aro, red hat, lockbox
11
-
#Customer intent: I need to learn how to manage customer data requests for my Azure Red Hat Openshift installation.
11
+
#Customer intent: I need to learn how to authorize or reject requests from Microsoft support engineers to access my Azure Red Hat OpenShift cluster resources.
12
12
---
13
13
14
-
# Manage customer data requests with Azure Lockbox
14
+
# Authorize support requests for cluster access with Azure Lockbox
15
15
16
-
In some circumstances, a support agent at Microsoft or Red Hat may need access to a customer’s OpenShift clusters and Azure environment. The Azure Lockbox feature works with Azure Redhat OpenShift to provide customers a way to review and approve/reject customer data access requests. This ability can be particularly important for financial, government, or other regulatory industries where there is extra scrutiny regarding access to customer data.
16
+
In some circumstances, a support agent at Microsoft may need access to your OpenShift cluster resources. The Azure Lockbox feature works with Azure Redhat OpenShift to provide customers a way to review and approve/reject requests from Microsoft support to access their cluster resources. This ability can be particularly important for financial, government, or other regulatory industries where there is extra scrutiny regarding access to resources.
17
17
18
-
With Azure Lockbox, whenever a support ticket is created, you have the ability to grant consent to Microsoft and Red Hat support agents to access your environment to troubleshoot and resolve issues. Azure Lockbox will tell you exactly what support agents are trying to access to help resolve your issues.
18
+
With Azure Lockbox, whenever a support ticket is created, you have the ability to grant consent to Microsoft support agents to access your cluster resources. The actions that the support engineer can take are limited to those [listed below](#aro-lockbox-actions). Azure Lockbox will tell you exactly what action the support agent is trying to execute.
19
19
20
-
See [Customer Lockbox](/azure/security/fundamentals/customer-lockbox-overview) for more information and instruction on the Lockbox feature.
20
+
See [Customer Lockbox](/azure/security/fundamentals/customer-lockbox-overview) for more information about the Lockbox feature.
21
21
22
22
## Access request process
23
23
24
24
1. The Azure Lockbox workflow consists of the following main steps:
25
-
1. A support ticket is opened from the Azure portal. The ticket is assigned to a customer support engineer at Microsoft or Red Hat.
26
-
1. The customer support engineer review the service request and determines the next steps to resolve the issue.
27
-
1. When the request requires direct access to customer data, a Customer Lockbox request is initiated. The request is now in a **Customer Notified** state, waiting for the customer's approval before granting access.
25
+
1. A support ticket is opened from the Azure portal. The ticket is assigned to a customer support engineer at Microsoft.
26
+
1. The customer support engineer reviews the request and determines the next steps to resolve the issue.
27
+
1. When the request requires direct access to cluster resources, a Customer Lockbox request is initiated. The request is now in a **Customer Notified** state, waiting for the customer's approval before granting access.
28
28
1. An email is sent from Microsoft to the customer, notifying them about the pending access request.
29
29
1. The customer signs in to the Azure portal to view the Lockbox request and can Approve or Deny the request.
30
30
31
31
As a result of the selection:
32
32
33
-
- Approve: Access is granted to the Microsoft engineer. The access is granted for a default period of eight hours.
34
-
- Deny: The elevated access request by the Microsoft engineer is rejected and no further action is taken.
33
+
- Approve: Access is granted to the Microsoft support engineer. The access is granted for a default period of eight hours.
34
+
- Deny: The elevated access request by the support engineer is rejected and no further action is taken.
35
35
36
36
See [Customer Lockbox--workflow](/azure/security/fundamentals/customer-lockbox-overview#workflow) for additional details about the access request process.
37
37
@@ -40,7 +40,6 @@ See [Customer Lockbox--workflow](/azure/security/fundamentals/customer-lockbox-o
40
40
- The Lockbox feature works only with customer support tickets.
41
41
- Customers can only grant access through the Lockbox interface.
42
42
- No action can be taken until customer approval is granted.
43
-
- Lockbox cannot be intergrated with Kusto/Azure Data Explorer.
44
43
45
44
## Enable Lockbox for ARO
46
45
@@ -51,26 +50,13 @@ You can enable Customer Lockbox from the [Administration module](https://aka.ms/
51
50
52
51
## ARO Lockbox actions
53
52
54
-
The tables below list typical actions and whether or not they require Lockbox:
0 commit comments