Help shape the future of Box
Welcome to Box Pulse, our product feedback tool powered by UserVoice. Got an idea for how to improve Box? Share it with us and gather support or vote on other people's ideas. Your feedback is essential to informing roadmap decisions and shaping the future of our products. Thanks for joining our community!
See user guide here.
187 results found
-
Block single user
Our security has deemed a single email as suspicious. We would like to block this single email from connecting to our Box, or being collaborated into our Box.
With Shield we can block the whole domain, but that approach is too broad and would limit too many valid email addresses.
7 votesNot a priority. Will revisit in 6 months.
-
Shield classification user permissions
Request to make classification application settings specific to the classification. Currently, the setting for who can apply/remove a classification is for all classifications, but there are cases where it would be helpful that a classification to be only applied by owners and other where co-owner, or even editor would be allowed to apply certain classifications.
Examples:
1. A classification tied to a Shield access control rule that only owners can apply or remove
2. A classification tied to a Shield access control rule that owner/co-owners can apply or remove
3. A classification identifying a type of content that owners/co-owner/editors can…17 votesNot a priority. Will revisit in 6 months.
-
Take action on user based on Threat Detection Shield Rule
Extending threat detection ALERTS to take action on a user's access would be very valuable. I've heard lots of customers request having a user's account deactivated if they access Box from a suspicious location. Right now, there is not a way to do this through the core Box application, it has to be done through custom scripting or with another tool.
9 votesAutomatically logging user out from suspicious locations is on the roadmap for FY23.
-
Remove Collaborator Access Policy Security Control in Shield
When creating an access policy in Shield, there needs to be a security control that removes a collaborator after a specific period of time or on a specific date. It would work very similar to the "Invited Collaborators Expiration Settings" option that is available in the Admin Console under the Content and Sharing tab, but would be tied to a classification setting.
4 votes -
Can we get another pop-up screen when Deleting a Shield Access policy to make sure that is the action the admin wants to take?
The 'Delete' and the 'Edit' button are right next to each other on the Shield Access Policy page. When clicking 'Delete' the policy automatically deletes. It is easy to accidentally click instead of 'Edit'. Can we get a second window that asks if that is the action the Admin/ Co-Admin wants to take on the policy?
2 votes -
Support for Regular Expression (REGEX) for Auto-Classification in Shield
We would like the ability to support Regular Expressions (REGEX) for creating auto-classifications rules in Shield. This would greatly enhance how much we can leverage the capability
32 votes -
Option for Shared Link Restriction on new links only
We would like the option to apply the shared link restriction to "new links only" so that current links are not overwritten. This would be similar to the External Collaboration Restriction option to apply to "only new external collaborations"
1 voteNot on the roadmap for FY25, will evaluate for FY26
-
Shield Shared Links: Password Requirement
Passwords for public links are wonderful, however, the capability to enforce all links (even those with internal or collaborator scope) would be beneficial for users and content security. If this password requirement could be tied to classifications as an access policy, that would make it increasingly difficult for negligent or malicious actions on Box content. Currently, we can only decrease the scope available for shared links, but by requiring a password, there will be additional adoption for Box and Shield, especially within highly regulated industries that require external or public distribution of content.
39 votes -
Add classification columns to Collaboration and Shared Link Reports
Add columns to the Collaboration and Shared Link reports to display file/folder classification
5 votes -
Whitelisting Access Using Managed User Groups
Companies frequently hire contractors and provide them with company email addresses to access internal networks and applications. This creates an issue with contractors having visibility into an entire folders and not just the projects/folders that apply to them. Shield's whitelisting capabilities allow us to limit external email domains, but because contractors are given a company email domain the whitelisting capabilities do not apply.
We would like to be able to create a "Consultants" Managed User Group and whitelist access to break waterfall permission for internal Managed User Groups.
7 votes -
Automatically classify content based off uploader
Automatically classify content based off uploader of document. Use case: anything a legal team member uploads should automatically be classified as confidential
2 votes -
Auto Classification Based Off Uploader
Automatically classify content based off uploader of document. Use case: anything a legal team member uploads should automatically be classified as confidential
1 vote -
Auto classification of files/folders based on metadata and comments
It would be helpful if Box's auto classification feature were able to trigger file classification (and thus, security controls) if metadata on a file/folder is sensitive in nature or if a file has comments/tasks/annotations that contain sensitive information.
2 votes -
Limit the rights of users who can change classification labels.
■Background
We are currently using Box Shield to control the public scope of shared links.
Currently, co-owners would still be able to use the classification labels even if they are set to "Owners/co owners" in the below settings.We want to make sure that only the owner can set classification labels.
■Details
Classification labels can be configured with "Admin console>Classification".
When the Box administrator clicks on Settings, the following settings are available:
Classification settings
Only allow selected permission types to modify classifications on content.
See collaboration permission chart.
Link:https://support.box.com/hc/en-us/articles/360044196413・Owners/co owners
・Owners/co owners and editors
・Owners/co owners, editors, and…1 vote -
Box Sheild can use some help
It would be great if there was a way to be able to enter notes on an incident. Also to flag an incident as complete and have it removed from the list.
3 votes -
PCI Compliance
As a user in an industry which must be PCI compliant,
I want content flagged by Shield as containing PCI content to not be included in the full-text search index,
So that our Box environment can be PCI compliant without having to disable full text search for the entire environment.1 vote -
Notify or provide options on password protected files in Automated Classification
When running automated classification, files containing passwords will not be checked for PII information. This means they are potentially at risk of getting shared externally. There should be options to classify them if they are password protected or it should have the option of alerting.
4 votes -
Add a Birthdate / Birth date infotype to Automated Classification
Birthday is not an an InfoType in automated classification. Please add this field.
2 votes -
Shield enhancement against EID-to-EID content move / copy
Need the ability to generate a Shield alert when someone copies or moves content from one EID repository to another EID; to include any movement of content via the api.box.com utilizing cURL or other CLI.
8 votesThis type of detection is something we want to investigate further. We are in the midst of getting additional feedback on this topic as the team works on other Threat Detection enhancements.
-
Restrict Collaboration for Individual External User
Customer would like to have the ability to block individual external users from collaborating on their enterprise content. The external domain allow list is too broad if only one or two external users need to be blocked from collaborating on content.
11 votesNot on the roadmap for FY25, will evaluate for FY26
- Don't see your idea?