Help shape the future of Box
Welcome to Box Pulse, our product feedback tool powered by UserVoice. Got an idea for how to improve Box? Share it with us and gather support or vote on other people's ideas. Your feedback is essential to informing roadmap decisions and shaping the future of our products. Thanks for joining our community!
See user guide here.
378 results found
-
SSO Required - API authorize endpoint behavior not consistent with Core Box
USAF is developing a custom iOS app on Box requiring USAF internal users to authenticate into the app via SSO. With "SSO Required" turned ON, the app redirects users to the Box login page and not the SSO login page on invoking the Box authorize API endpoint. This seems not to be consistent with the Core Box "SSO Required" flow
More details including user flow illustration in the ticket.
JIRA ticket - https://jira.inside-box.net/browse/BOX-2059301 vote -
1 vote
-
Enable passphrases instead of only complex passwords
We enabled the Box strong password policy for 3rd parties; however, it does not permit passphrases. In the CASB pilot, when I accepted an invite to collaborate on my personal Box account, Diageo Box required me to change my 15 character passphrase to a complex password. That will be a problem for any 3rd parties using passphrases. Therefore we should turn that policy OFF.
1 voteIf we understand that users may prefer passphrases instead of password this is not something that we plan to deliver in the near future.
-
Unable to administer Macro Enabled Office Documents in Box
At present we have a Group Policy that prevents Macro Enabled Office documents from being opened in our environment. When a macro enabled document is uploaded into box, it circumvents the group policy and is able to be opened on our network. We'd love the ability to manage the types of documents able to be downloaded/opened on our network based on their file extension or type of document.
2 votes -
Add the automatic deletion function of external collaborators account
Request: Add the automatic deletion function of external collaborators account
Please add automatically delete function linked to the deletion of his company's Box account.
Reason: Even if he changes jobs, he can still log-in to Box using his old e-mail accounts.
We cannot control the collaborators' job change, and we cannot grasp it in a timely catch-up of his situation.
If he changes jobs to our competitor, the risk of data breaches increases.4 votes -
Add action option for Content Security policy
add another action option to the 'Then take the action(s)' section under Content Security Policies. It would be useful if one of the available actions was to disable the users account/set it to inactive automatically if the account were to violate the content security policy.
1 vote -
1 vote
-
Limited access to external collaborators on file & folder
Dear Team, I want to give access to my auditor some file. However I do not want them to edit, save , download or print screen any documents.
How to do this ?
1 vote -
Add hardware token security for 2FA
Yubikeys and similar devices allow for hardware token security and are highly recommended. We want to implement it across devices (ipad, iphone, android, MacOS, Windows) and this must include Box
SMS 2 factor is considered very hackable and has been hacked many times.
How can we use Yubikeys with Box.com ? What are your plans on this?44 votesWe now have the ability to use TOTP for 2FA. In addition, admins can enforce TOTP for managed/external users.
We do want to support FIDO standards for 2FA in the future and will update this idea with more details once we have a concrete plan. -
Alert when Password Reset is coming due
We have our users set to reset every 90 days. We find this consitently sneaks up on our users and they end up with expired passwords and then have to reach out to our IT department for assistance. This is mainly an issue with our Drive or Mobile app only users. Your website handles it well if they use the website they will be prompted. If they are on the Mobile app it stays logged in and breaks. (Shows folders and can be navigated but unable to see files) I would greatly appreciate it if we at least had to…
5 votes -
Convert all notification email contain "app.box.com" link to "ent.box.com" under BVE
Some notification email such as "Email Uploads completed" contain "app.box.com" link even for enterprises that have Box Verified Enterprise enabled.
They should be converted to "ent.box.com" link in order to access them from Internal network.
1 vote -
Add granularity to shared link controls
Based on organizational requirements and the variance, there should be additional controls such as limiting the capability to create shared links (open Links) to Admins or designated personnel as an option. This would allow for greater granularity as some divisions within an organization may have a need to share publicly, while also securing sensitive information
23 votesFor now, we are focussed on solving bulk management issues with Shared Links.
Box Shield is an additional option for enforcing granular controls on content.
-
Block end user password reset for SSO users
In our environment, we enforce SSO, however users can still go into their user settings to reset their password and change the password. My understanding is that this password is only usable for FTP access, but it is confusing for users and we do not use the FTP functionality. Block end user password reset for SSO users
1 vote -
Create Outlook anomaly detection
Build out an Outlook feature or compatible security product that can impose rules on content categories that can alert the appropriate individuals of anomalies or misuse before the file leaves the company’s boundaries in the email program.
1 vote -
Last Mile File Security (When moved out of Box)
Last Mile File Security (When moved out of Box)
Box is a reasonably safe platform for file security. However, when a file moves or downloads out to a user device it drops the security controls in box.
Can there be control when the file of specific classification moves out, the downloaded copy of the file is encrypted and open to the recipient only after box authentication.
1 vote -
GDPR- PII Detection
Increase PII detection templates from just three Social Security no, Credit card and Custom text to more as offered by other DLP products in the marketplace.
In addition to real-time detection, also allow discovery of the legacy data utilizing the same templates. Notification on detection could include an on-screen warning/ policy tip in addition to email and file quarantine options etc.
1 vote -
limit deletions
My staff need the ability to upload & download various files, but I don't want them (or me!) to have the ability to delete large swathes of my database. I can't find a way to limit this, in Box
1 vote -
Automate quarantining of infected files
While speaking with Box Premiere Support Team, it was stated that there is no current option/means to automatically place an infected file into quarantine. The file stays available and is up to the Content Owner/Site Admin to manually address the issue.
It would be nice to have a feature that automatically placed suspicious/infected files in a designated quarantine folder while it is being reviewed. This will eliminate the potential for someone to accidentally download the file and cause potential harm.
12 votes -
Enforce parent folder collaboration restrictions on moved folders
Make sure that folder settings apply to all the subfolders. Currently, even if you restrict collaboration to within your company through folder settings, a folder that is already collaborated to external users can be moved into that folder. Right now, we don’t have the mechanism to check if a folder that is about to be moved is collaborated to external user.
20 votes -
Event Logs: Tell the full story of what happened
The Box Event Logs are crucial to finding out what occurred while users were logged in to the application.
However, there are many gaps in the data that if cleaned up would provide better quality data for end users.I work with many companies that actively use your tool and would like to be able to tell a full story as to what their users were doing while logged in.
For example, when an Admin Login event occurs, you see the user the admin logged in as, but you do not see the admin who logged in as the user.…
2 votes
- Don't see your idea?