Search in the Content Manager does not currently include items in Trash. This is a security/eDiscovery challenge currently.

We auto-delete completed projects after 30 days and would like to automate this process with retention policies.

Currently, a Permanently delete content policy only deletes the content within a folder, however, we need the folder itself deleted because it contains the confidential name of the project.

Files in a folder (or globally) would be purged after a certain period of time, but if a user wants to remove the content before that time, they would be able to do so.

The inflexibility of current retention policies does not allow customers to meet all of their legal obligations. Currently, if a retention policy is placed on a document, it is not possible to permanently delete the document before the retention period is completed.

While these retention policies settings may work (and are required) for FINRA compliance, they cannot be used for all use cases. For example, if an organization reaches a legal settlement, and part of the settlement is the destruction of certain content (either one user's content or content specific to the case), this request cannot be completed.

'Upload' Policy Type does not provide the option to apply at a folder level. It would be ideal if all policy types had the option to apply it to specific folders.

Currently, there's no way (aside from digging through Box events) to look at Legal Hold policies that have been 'released'.

This means that once a user clicks 'Release' on a hold, there's no UI for that hold anymore whatsoever.

Digging through unique events in Usage Logs is not an answer to 'show me the holds that we've released - I want to take a quick look at the holds the team has been releasing recently'.

REQUEST: Add a 'Released Holds' section to the bottom of the existing Legal Holds UI in the Admin Console.

Box retains log data for a year, but we need longer log retention period for Legal Holds.

We are leveraging the Policies engine to create Upload Policies to detect and prevent PII from being uploaded into Box. When the upload policy exception is triggered, we would like to see a report or somewhere on the screen exactly where in the document the file violated the policy.

Ideally, by knowing what exactly triggered the policy, we would then use the 'Mark as False Positive' feature in the Content Manager Quarantine location to improve the Policy Engine's accuracy accordingly.

There is no way to manage the quarantine process programmatically. As a result, we must individually release / delete quarantined files via the UI.

Given that the policies have a tendency to generate false positives, this process becomes very time consuming and difficult to manage and requires valuable IT time to click buttons (often for hours).

At our scale, and since we opt to use DLP policies, it's impossible to manage.

Use Case: General Counsel gets subpoenaed to turn over all content related to specific words or phrases

Legal Holds Report includes "File Version ID", but this value is like "109680448118".

We have to call APIs to get the actual version number. It's more useful to include "sequence_id" in Legal Holds Report.

When some user invites an external collaborator as "Editor" to some folder, the external user can delete any files in the folder. The deleted file is sent to the external collaborator's trash. It's not good for some security-centric customer, so they need the function to prohibit that an external collaborator deletes files to protect their assets.

In larger companies, Content Manager's organization of trash (by Owner) and searching through Usage Logs are both overly cumbersome when looking for a file that a user has 'lost' (aka that's been deleted).

To ease this pain, please build a unified/consolidated/global 'All Trash' view added somewhere in the Admin Console -- likely in Content Manager.

From that view, an admin would be able to see:
1. File/folder name
2. Date deleted
3. Owner
4. Deleted by (user)
5. Option to permanently delete or restore

137 files flagged so far today for Social Security Violation. Here is the warning information: File attached.

I am getting so many false positives that I would need a team to look at every single file that gets flagged. The scanning engine is terrible. Please escalate to your internal dev group so it can get fixed.

In the current Legal Hold report export (Excel file), users are referred to by their User ID (e.g., 123233124) which isn't really helpful for an admin to identify 'who' that is.

Using email address would be a much better field to include, either replacing the User ID field OR adding in Email as an additional column.