Help shape the future of Box
Welcome to Box Pulse, our product feedback tool powered by UserVoice. Got an idea for how to improve Box? Share it with us and gather support or vote on other people's ideas. Your feedback is essential to informing roadmap decisions and shaping the future of our products. Thanks for joining our community!
See user guide here.
379 results found
-
Include device identification in Device Trust logs
We think it would be valuable to be able to identify a specific device failing Device Trust. Either MAC address or computer name would be useful. Computer name would be the preference.
This to positively identify the device end users are using to connect. As we were implementing Device Trust we ran into numerous situations where end users were connecting from multiple devices and not transparent with us that they were using multiple computers.2 votes -
2 votes
-
Two factor authentication as standard for business customers
Two factor authentication is the standard for securing accounts. I was therefore surprised to learn that enforcing two factor authentication on the business subscription package is not an option. Requiring two factor authentication is only available on the top enterprise price plans.
This is disappointing, as it means businesses customers who use Box, their staff can bypass any requirement to use two factor authentication. It increases the risk of a breach of company data due to a bad password practices by an employee, like using the same password across many different services. Without two factor authentication the company data is…
2 votes -
Timed logout out option with inactivity
Would like to elect to have a timed log out option. For example if you set 10minutes or 1hr of inactivity you would be automatically logged out like a banking website.
2 votes -
Password Protect Folders Designated as "Invited People Only" Collaborators
I would like to add passwords to folders that are tagged as "Invited People Only" to increase the level of security on the content. I would like to create a folder that is shared only with invited people, and also add a password for the folder to ensure content is as secure as possible, e.g., pre-lease earnings reports, HR terminations, pending litigation, etc.
2 votes -
Watermarking feature turns document to a PDF and loses all formatting
Currently the watermarking feature turns the selected document to a PDF, therefore losing all formatting from the original application. In excel the document loses all formatting features, including tabs, etc. Watermarking should not lose the formatting of the original document - and/or allow for watermarking feature to only be used when downloading and not in the view features.
2 votes -
Additional permission options for files
Hello:
The documentation for Collaborator Permission Levels at https://support.box.com/hc/en-us/articles/360044196413-Understanding-Collaborator-Permission-Levels is very substantially incorrect. At the start of that article it says (capitalization mine):
"When inviting a person as a collaborator within a folder OR FILE, or sending a shared link, you have the ability to set the level of access that person has to your content. Refer to the following chart to review the different permissions that accompany each permission level:"
This is completely incorrect--the permissions in that article only refer to permissions for folders, not files. Files only get "Viewer" or "Editor" permissions.
Ideally it would be nice if…
2 votes -
In China we have to use (redacted) as box.com is blocked, and after few weeks not logining (Box Alternate domain)
One of our vendor can’t login box with his own company email account. And then can’t share file with him to update.
I found he can’t see the “i’m not a robot” after login (Box Alternate domain) to fill in password as he doesn’t have VPN enabled
after i use his account to login and validated this, he can then login normally.
Looks if you don’t use box for few weeks, it will ask you to validate via this google authentication way which he can’t see it without VPN.
How to fix this for china users if they can't use…
2 votes -
True Client IP vs Accelerator IP in Audit Logs
To improve download speeds, Box automatically leverages "accelerator" hosts on various cloud/hosting providers around the world. When this happens, the "client IP address" recorded in the audit logs is the accelerator IP address, and not the true endpoint IP address. This results in false positives in "impossible travel" analytics, and could result in false negatives. We request that the audit logs be enhanced to capture the true client IP and accelerator IP (where applicable) as separate fields in the logs.
2 votes -
Cylance
Please add Cylance to the list of Antivirus vendors as part of the Box Device Trust settings!
2 votes -
Force external collaborators to sign in using 2-step verification or dual authentication for access to specified shares.
Force external collaborators to sign in using 2-step verification or dual authentication for access to specified shares.
2 votes -
Block end user password reset for SSO users
In our environment, we enforce SSO, however users can still go into their user settings to reset their password and change the password. My understanding is that this password is only usable for FTP access, but it is confusing for users and we do not use the FTP functionality. Block end user password reset for SSO users
2 votes -
Unable to administer Macro Enabled Office Documents in Box
At present we have a Group Policy that prevents Macro Enabled Office documents from being opened in our environment. When a macro enabled document is uploaded into box, it circumvents the group policy and is able to be opened on our network. We'd love the ability to manage the types of documents able to be downloaded/opened on our network based on their file extension or type of document.
2 votes -
Event Logs: Tell the full story of what happened
The Box Event Logs are crucial to finding out what occurred while users were logged in to the application.
However, there are many gaps in the data that if cleaned up would provide better quality data for end users.I work with many companies that actively use your tool and would like to be able to tell a full story as to what their users were doing while logged in.
For example, when an Admin Login event occurs, you see the user the admin logged in as, but you do not see the admin who logged in as the user.…
2 votes -
Remove External Password once Done
I would love to see the ability to remove/disable the External password after it has been used. We have many users who only need it once or twice for something niche, but once it's set you can't undo it meaning they're stuck rotating that password every 90 days, forever, despite us being on SSO.
Disabling this closes a login method that's no longer needed which is overall more secure, and removes a large inconvenience.
2 votes -
Support third-party apps for Device Trust
For Device Trust- the ability for Box to support the following:
- Crowdstrike’s AntiVirus software for Macs
- WinMagic’s Disk Encryption for Windows
2 votes -
Sharing information with people outside my organization.
when a URL is shared to someone they will then have the ability to download. locking a file feature is available, unfortunately, it needs to be performed one by one. the ability to lock entire folders all at once would be very helpful.
2 votes -
User wants to be able to see Key ID for keysafe rotations.
User wants to be able to see Key ID for keysafe rotations. This will help validate the correct key they have in their systems.
2 votes -
Allow collaboration with secondary email addresses/alias
Our users have email addresses ending with <company name>.bw and the UPN is ending with <company name>.com.
Box treats <company name>.com and <company name>.bw as different IDs and Box only logs through SSO, so account is validated through UPN only which is <company name>.com.
When users login with <company name>.com they are able to login to box but they are unable to see the files which have been shared with <company name>.bw id.
When any file/folder is shared with <company name>.com id users do not receive any email because the primary SMTP has been setup with <company name>.bw.2 votes -
Add configurable governance alerting
Add configurable alerting in an effort to preventing directory and permission sprawl or detecting anomalous access
At this point we may require additional products or custom development to address this problem.
An example of a real world problem is if Jane has two box accounts one managed by the firm and the second a personal account, there is nothing to prevent or alert us if Jane copies enmasse company property
2 votes
- Don't see your idea?