Feature Request: Flexible External Sharing Controls with Combined Allow/Block Logic (Box Shield)
Current Situation (As-Is)
Box Shield does not support applying multiple external collaboration restrictions on the same content.
As a result:
When a folder is classified with an allow-list policy, sharing externally is restricted only to explicitly approved email addresses managed in shield list.
This overrides the broader domain-based sharing rules, preventing sharing with otherwise permitted external domain.
Example impact:
A folder with classification cannot be shared with regular external users from allowed domains, unless they are explicitly included in the allow list.
Current workaround:
Admins must manually maintain allow-lists (emails) for the classified folder.
Problem
Lack of flexibility in combining policies creates over-restrictive behavior.
Organizations cannot implement common governance patterns such as:
“Allow sharing with non-public domains + specific exceptions from those domains" - using integration to manage the list on exception.
Leads to:
Increased admin overhead
Poor user experience
Inconsistent enforcement across classified vs non-classified content
Requested Enhancement
Enable combined/conditional policy logic for external sharing, allowing:
Coexistence of rules, such as:
Allow sharing with non-blocked external domains
Allow specific email exceptions (from otherwise restricted/public domains) - using shield lists o
Policy evaluation that supports:
“Allow domain-based sharing AND allow specific users from blocked domains”
More flexible classification behavior where:
Applying a classification extends permissions (adds exceptions) rather than replacing them entirely
thanks.
Tal