Help shape the future of Box

Welcome to Box Pulse, our product feedback tool powered by UserVoice. Got an idea for how to improve Box? Share it with us and gather support or vote on other people's ideas. Your feedback is essential to informing roadmap decisions and shaping the future of our products. Thanks for joining our community!

See user guide here.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. bulk manage Shared Links

    Provide a way for all shared links in an account to have their permission levels / access levels / expiry dates modified in bulk, rather than having to change each one individually which is extremely time consuming for large doc sets.

    110 votes
    Sign in Sign in with Box
    Signed in as (Sign out)

    We’ll send you updates on this idea

    under consideration  ·  15 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  2. Send a "here's how your items are shared" report to each user periodically

    One of the most common sources of security breaches is due to a user inadvertently sharing an item more broadly or for longer than they intended.

    A simple way to help limit those sorts of security breaches would be for Box to email every user a report periodically (configurable by the admin, but roughly monthly) that said "Here's how everything you own is shared with other people, and here's a link to the KB article that'll tell you how to fix it if it's not what you want", then showed a report of their folders, files, and shared links, with…

    69 votes
    Sign in Sign in with Box
    Signed in as (Sign out)

    We’ll send you updates on this idea

    under consideration  ·  3 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  3. True Client IP vs Accelerator IP in Audit Logs

    To improve download speeds, Box automatically leverages "accelerator" hosts on various cloud/hosting providers around the world. When this happens, the "client IP address" recorded in the audit logs is the accelerator IP address, and not the true endpoint IP address. This results in false positives in "impossible travel" analytics, and could result in false negatives. We request that the audit logs be enhanced to capture the true client IP and accelerator IP (where applicable) as separate fields in the logs.

    2 votes
    Sign in Sign in with Box
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  4. External 2FA - use email instead of SMS

    2FA for external users - have the option to have the second factor email instead of text. Or give the option for either text or email.

    23 votes
    Sign in Sign in with Box
    Signed in as (Sign out)

    We’ll send you updates on this idea

    under consideration  ·  7 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  5. Create exceptions for auto-expiration of sharing and external collaborators

    We have auto-expiration on file sharing but often need to share files with external collaborators for an indefinite amount of time. We can't keep re-sharing the file. Same for external collaborators - we have auto-expiration but we can't keep re-sharing folders with them.

    5 votes
    Sign in Sign in with Box
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  6. Proper 2-factor authentication with TOTP not SMS

    Using SMS for 2-factor authentication is oudated and insecure. Using TOTP is an industry standard and should be implemented.

    3 votes
    Sign in Sign in with Box
    Signed in as (Sign out)

    We’ll send you updates on this idea

    on roadmap  ·  0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  7. "File Request Link" report similar to the "Shared Link" report

    Would like Org level report on what folders have "File Request Links" very similar to the "Shared Link" report. We need to report on what folders are shared publicly.

    25 votes
    Sign in Sign in with Box
    Signed in as (Sign out)

    We’ll send you updates on this idea

    gathering feedback  ·  1 comment  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  8. Cylance

    Please add Cylance to the list of Antivirus vendors as part of the Box Device Trust settings!

    2 votes
    Sign in Sign in with Box
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  9. SSO Required - API authorize endpoint behavior not consistent with Core Box

    USAF is developing a custom iOS app on Box requiring USAF internal users to authenticate into the app via SSO. With "SSO Required" turned ON, the app redirects users to the Box login page and not the SSO login page on invoking the Box authorize API endpoint. This seems not to be consistent with the Core Box "SSO Required" flow
    More details including user flow illustration in the ticket.
    JIRA ticket - https://jira.inside-box.net/browse/BOX-205930

    1 vote
    Sign in Sign in with Box
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  10. 1 vote
    Sign in Sign in with Box
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  11. Enable passphrases instead of only complex passwords

    We enabled the Box strong password policy for 3rd parties; however, it does not permit passphrases. In the CASB pilot, when I accepted an invite to collaborate on my personal Box account, Diageo Box required me to change my 15 character passphrase to a complex password. That will be a problem for any 3rd parties using passphrases. Therefore we should turn that policy OFF.

    1 vote
    Sign in Sign in with Box
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  12. Add action option for Content Security policy

    add another action option to the 'Then take the action(s)' section under Content Security Policies. It would be useful if one of the available actions was to disable the users account/set it to inactive automatically if the account were to violate the content security policy.

    1 vote
    Sign in Sign in with Box
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  13. 1 vote
    Sign in Sign in with Box
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  14. Limited access to external collaborators on file & folder

    Dear Team, I want to give access to my auditor some file. However I do not want them to edit, save , download or print screen any documents.

    How to do this ?

    1 vote
    Sign in Sign in with Box
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  15. Force external collaborators to sign in using 2-step verification or dual authentication for access to specified shares.

    Force external collaborators to sign in using 2-step verification or dual authentication for access to specified shares.

    1 vote
    Sign in Sign in with Box
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  16. Add support to get Security logs event using Box Eventlog API

    Currently Eventlog API doesn't logs event related to enterprise setting changes by admins. These logs are available using Security report (https://app.box.com/master/reports/security) but are not available through API.
    For reference (https://community.box.com/t5/Platform-and-Development-Forum/How-to-get-security-logs-using-Box-Eventlog-API/m-p/79313#M7447)

    3 votes
    Sign in Sign in with Box
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  17. Convert all notification email contain "app.box.com" link to "ent.box.com" under BVE

    Some notification email such as "Email Uploads completed" contain "app.box.com" link even for enterprises that have Box Verified Enterprise enabled.

    They should be converted to "ent.box.com" link in order to access them from Internal network.

    1 vote
    Sign in Sign in with Box
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  18. Add the automatic deletion function of external collaborators account

    Request: Add the automatic deletion function of external collaborators account
    Please add automatically delete function linked to the deletion of his company's Box account.
    Reason: Even if he changes jobs, he can still log-in to Box using his old e-mail accounts.
    We cannot control the collaborators' job change, and we cannot grasp it in a timely catch-up of his situation.
    If he changes jobs to our competitor, the risk of data breaches increases.

    3 votes
    Sign in Sign in with Box
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  19. Please consider combining all of chains requesting 2-factor authentication via the likes of Google Authenticator and/or Yubikey

    There are several chains below which are basically requesting the same thing. If you combined all of those into one chain, I'm pretty sure the combined total votes would be the highest in the Security topic. Providing 2-factor authentication via something like Google Authenticator and/or options like Yubikey is absolutely necessary. If we are not given this option, our auditor will require that we stop using Box within about 2 months. I'm doing everything I can to keep Box. It works so well for my team. I don't want to lose it. PLEASE make this a priority.

    1 vote
    Sign in Sign in with Box
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  20. Block end user password reset for SSO users

    In our environment, we enforce SSO, however users can still go into their user settings to reset their password and change the password. My understanding is that this password is only usable for FTP access, but it is confusing for users and we do not use the FTP functionality. Block end user password reset for SSO users

    1 vote
    Sign in Sign in with Box
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
← Previous 1 3 4 5 13 14
  • Don't see your idea?

Feedback and Knowledge Base