Custom Subdomain on Upload API Endpoint
When a Box instance is setup to use a custom subdomain, the upload API endpoint should use the subdomain. For example, acme.upload.app.box.com instead of upload.app.box.com. This will make it easy to setup corporate firewall rules that prevent users from uploading content into personal Box accounts

-
Kengo Masuda-Marubeni IT Sol commented
I agree with this idea.
In recent years, there has been a growing demand for this improvement as CASB products have made it possible to identify and control only the act of uploading.For example, it would be possible to “limit uploads to 1MB or issue a warning dialog for uploads to folders invited by other companies.
Even with the current specification, it is possible to control logins to other companies by setting “prohibit *.ent.box.com and allow mycompany.ent.box.com,” but controlling logins alone is not sufficient.
It is not possible to achieve the “state that identifies and automatically controls the taking out of data to other companies” that many companies desire.
This is still not possible even with Box Shield's classification labels.
See also Pulse below.
https://pulse.box.com/forums/909778-help-shape-the-future-of-box/suggestions/48208769-access-policy-prohibiting-copying-and-moving-to-exEven if it is a paid option, could you please implement a function to “provide the upload.box.com subdomain privately”?
Ideally, not only uploading, but also copying and moving operations should go through this connection.