Help shape the future of Box
Welcome to Box Pulse, our product feedback tool powered by UserVoice. Got an idea for how to improve Box? Share it with us and gather support or vote on other people's ideas. Your feedback is essential to informing roadmap decisions and shaping the future of our products. Thanks for joining our community!
See user guide here.
379 results found
-
Greater flexibility in watermarking configuration
Based on our documentation:
Rasterized watermarking only (default) - Provides increased security, but no resolution scaling, no searchability, no clickable links, a moderate file size overhead, and reduced usability. This watermark type can't be removed without damaging the underlying content.Customers that want to follow a higher level of security protocol when watermarking files currently have to choose which approach is more important at an EID level.
Watermarking configuration should have greater flexibility so that the choice of rasterized or vector based watermarking is done at either a folder level OR via the shield policy assignment OR both.
This provides…
1 vote -
Automatic actions based on alerts
We would like to be able to set automated actions based on alerts. For example if Box detects anomalous download with a risk score higher than e.g. 60 or a set threshold of number of files, the user’s account will be locked to stop further downloads.
A message should then be sent to the user and IT admin that it has been locked due to anomalous download detection. Then IT need to do a investigate and take action, or reactivate the account if it is a false positive.
The pain point of not having this option is that the current…
1 vote -
Capability to finalize files
It would be useful if it's possible to "finalize" files. Means some persons work on a file together until it is finalized and then prevent any further modification on the file. There is the Lock function, but then the person who locked the file, could still unlock it.
1 vote -
Enable ability to require that someone shares their email when depositing a File Request
Enable ability to require that someone shares their email when depositing a File Request.
Today, I can only require someone to login to their Box account OR use a text field that says email, but I want a field SPECIFICALLY called email inside of File Request, so that I can trigger a Box Relay workflow to notify the email of whoever triggered the workflow (e.g. if a submission is denied, I want to notify them that it was denied and to include why........ if a submission was approved, I want to notify them that it was approved and to include…
1 vote -
Shared link expiration - based on no interaction
It would help increase security if we had an option for external links - if they aren’t interacted with after a number of days (30,60,90, etc) they’re deactivated. Our team shares content but there is often turnover and no way to know if links are still out there. With an external link report, it would help show what's out there, but would be helpful to have additional controls.
1 vote -
Restrict day of week and/or times when licensed users can authenticate into Box
Allow admins the option to restrict which days of the week and/or time of day is allowed for licensed users to authenticate into Box, individually and/or as part of a role/Box Group. This would be helpful for multiple use-cases. Restricting Box access at specific times can assist with ensuring compliance with wage and hour laws, limiting changes that can be made in Box to times when staff will be available to respond and/or address changes, and limiting access during periods where access is not expected or desired by the licensing organization helping to better secure Box content.
1 vote -
Modify session duration across all plans
A 14 day session duration is a highly unnecessary security risk for any organization working information with any level of sensitivity. Please open up the ability to reduce this to any paid plan, rather than only the Enterprise plan. It feels like a very minor thing compared to the more complex feature sets and automation that otherwise distinguish the plans. It was sub-optimal, but somewhat acceptable, to not be able to reduce this when the default was 48 hours, but it's really concerning to not be able to do so now that the default has been made so much longer.
1 vote -
Box Relay: Remove Collaborators and Shared Links
We would like the ability to use Box Relay to automatically remove all Collaborators and Shared Links from a folder and all of the sub-items within that folder.
This functionality would be used to secure company files when an employee is off-boarded and ideally this process would be generated by placing a folder within another folder.1 vote -
Cryptographic Erasure
Following NIST 800-88, we need the ability to 'destroy' certain high sensitivity data. Cryptographic Erasure is one of the options, basically encrypting the data and then losing the key. Until then, certain research projects and grants that require data destruction or DoD level erasure (and we are seeing lots of boilerplate contracts with that requirement) will not be hosted in Box.
1 vote -
Allow One-Off Reissue of Custom Terms of Service in Box
If a user ever rejects a custom terms of service, they are not able to access Box or attempt to connect via the collaboration link. It seems that they could try again in 30 days (we have not tested, this is way too long to wait for a time-out).
The only resolution to allow the single external collaborator to "reset" the ToS and accept them to sign in is to disable and re-enable custom ToS for all users.
This is a major problem - we should not have to revalidate all ToS for EVERY user to resolve an issue for…
1 vote -
New Authentication Process at sign in
The new authentication process is forcing us to use two step authentication even with our ATB Email address' every time we enter or come back after a period of time.
I am really hopeful that this is being looked into as its the most inconvenient. Our CSR's do not have business devices for google authenticator nor does the text feature seem to work to the branch office phones and when you ask it to call it takes a bit for the phones to ring and connect and cuts half the message off so we don't get a code. This is…
1 vote -
Password Requirements - customize min required characters
Password Requirements -> Minimum required characters -> only has the options of 6, 7, 8, 10 and 12. We would like to be able to set this character as 9, or any number in between 6-12.
1 vote -
keysafe
Box keysafe requires the use of a specific AWS region, but from the perspective of disaster response, we request that the service be deployed in multiple regions.
1 vote -
Select which 2FA/2SV feature
There are currently 2 2FA mechanisms, SMS or Auth App.
We would like to be able to select which mechanism to be available to users. We want to avoid users from having to use SMS1 vote -
Hide and add permissions to folders
I would like to hide or lock folders as I have multiple employees.
1 vote -
Prevent Co-owner from assigning Co-owner to other users
We would like to see the option to prevent a user with Co-owner permission from being able to assign Co-owner permission to other user's.
1 vote -
Wildcards for Allowedlisted domains
Allow for * wildcard domains for allowed domains on enterprise settings.
1 vote -
Infinite redirects in SSO-enabled mode when a user's password expires
In SSO enabled mode, you can sign in with a password. When a user's password expires, they are forced to change their password. If you try to sign in with SSO in this situation, you will be redirected indefinitely and you will not be able to sign in.
In this case, Box should redirect to the password change page after accepting the authentication.
1 vote -
Smart Access Behavior/スマートアクセスの挙動について
Smart Access Behavior
[Restrict managed users] > [Restrict all users except owner/co-owner] is selected, editors and viewers will not be able to move and copy operations.
Restrict managed users > Restrict all users except owner/co-owner and editors is selected, you will not be able to copy the viewer.
When using the above Box classification and Shield features (access policy), the settings will be applied to files but not to folders, even if they are set.
When a user with editor privileges copies a folder, all copies are made.
I can copy and move folders, but I can't download the files…1 vote -
2fa
Title: 2FA – Session Level NOT Machine Level
Category: 2FA
Idea:
After enabling 2FA:
Steps followed:
Quit Safari (v14.0.3) (Cmd+Q)
Launch Safari
Navigate to account.box.com/login
Login without 2FA (2FA enabled)
As a separate test, I also removed my Safari session from Box security, quit Safari (Cmd+Q), opened Safari and was able to login without a 2FA credential.
When a user removes an active session (or saved login location), any new login attempts should be seen as a new computer, and thus prompt for the credentials setup by the user logging in.
I was able to get Box to prompt for…
1 vote
- Don't see your idea?