Help shape the future of Box
Welcome to Box Pulse, our product feedback tool powered by UserVoice. Got an idea for how to improve Box? Share it with us and gather support or vote on other people's ideas. Your feedback is essential to informing roadmap decisions and shaping the future of our products. Thanks for joining our community!
See user guide here.
402 results found
-
Add more details in device trust logs
If device trust is checking for a setting (for example OS version), then the logs should show the actual version detected. This should be for every setting Box enables you to validate. It should also have more detail about the login attempt (hostname (not just IP address), OS, Box Drive vs Box web vs etc).
Further there should be a new event in the logs, DEVICETRUSTCHECKPASSED, with similar details so that we know the check happened and what values Box found when authorizing the device. Only having DEVICETRUSTCHECKFAILED provides no audit trail for showing…
1 vote -
In China we have to use (redacted) as box.com is blocked, and after few weeks not logining (Box Alternate domain)
One of our vendor can’t login box with his own company email account. And then can’t share file with him to update.
I found he can’t see the “i’m not a robot” after login (Box Alternate domain) to fill in password as he doesn’t have VPN enabled
after i use his account to login and validated this, he can then login normally.
Looks if you don’t use box for few weeks, it will ask you to validate via this google authentication way which he can’t see it without VPN.
How to fix this for china users if they can't use…
2 votes -
Get details on shared link without owner
Airbnb and other companies when going through a large
deprovision of accounts run into issues where someone shares a link of the file after the owner is
no longer there and the collaboration is removed. But with just the file link, there is no way for the admin to get anymore details on the file.The feature request is the ability to get more details on a file through the link.
1 vote -
Force external collaborators to sign in using 2-step verification or dual authentication for access to specified shares.
Force external collaborators to sign in using 2-step verification or dual authentication for access to specified shares.
2 votes -
True Client IP vs Accelerator IP in Audit Logs
To improve download speeds, Box automatically leverages "accelerator" hosts on various cloud/hosting providers around the world. When this happens, the "client IP address" recorded in the audit logs is the accelerator IP address, and not the true endpoint IP address. This results in false positives in "impossible travel" analytics, and could result in false negatives. We request that the audit logs be enhanced to capture the true client IP and accelerator IP (where applicable) as separate fields in the logs.
2 votes -
Set default permission to Previewer
We would like the ability to set the default permission to Previewer. Most users are not changing the default permission we have setup when sharing. Being able to set the default permission to Previewer helps us manage security even better.
4 votes -
Add hardware token security for 2FA
Yubikeys and similar devices allow for hardware token security and are highly recommended. We want to implement it across devices (ipad, iphone, android, MacOS, Windows) and this must include Box
SMS 2 factor is considered very hackable and has been hacked many times.
How can we use Yubikeys with Box.com ? What are your plans on this?74 votesSupport for FIDO2/WebAuthn security key for authentication into Box is currently in development
-
Cylance
Please add Cylance to the list of Antivirus vendors as part of the Box Device Trust settings!
2 votes -
Can we get a report that shows WHY a device failed Device Trust?
Can we get a report that shows WHY a device failed Device Trust?
1 vote -
Include types of virus for Virus alert email
Include which type of virus contained in virus notification alert email. If types of virus includes in alert, admin is able to identify that alert email was accurate.
3 votes -
Convert all notification email contain "app.box.com" link to "ent.box.com" under BVE
Some notification email such as "Email Uploads completed" contain "app.box.com" link even for enterprises that have Box Verified Enterprise enabled.
They should be converted to "ent.box.com" link in order to access them from Internal network.
2 votes -
SSO Required - API authorize endpoint behavior not consistent with Core Box
USAF is developing a custom iOS app on Box requiring USAF internal users to authenticate into the app via SSO. With "SSO Required" turned ON, the app redirects users to the Box login page and not the SSO login page on invoking the Box authorize API endpoint. This seems not to be consistent with the Core Box "SSO Required" flow
More details including user flow illustration in the ticket.
JIRA ticket - https://jira.inside-box.net/browse/BOX-2059301 vote -
Block end user password reset for SSO users
In our environment, we enforce SSO, however users can still go into their user settings to reset their password and change the password. My understanding is that this password is only usable for FTP access, but it is confusing for users and we do not use the FTP functionality. Block end user password reset for SSO users
2 votes -
1 vote
-
Enable passphrases instead of only complex passwords
We enabled the Box strong password policy for 3rd parties; however, it does not permit passphrases. In the CASB pilot, when I accepted an invite to collaborate on my personal Box account, Diageo Box required me to change my 15 character passphrase to a complex password. That will be a problem for any 3rd parties using passphrases. Therefore we should turn that policy OFF.
1 voteIf we understand that users may prefer passphrases instead of password this is not something that we plan to deliver in the near future.
-
Unable to administer Macro Enabled Office Documents in Box
At present we have a Group Policy that prevents Macro Enabled Office documents from being opened in our environment. When a macro enabled document is uploaded into box, it circumvents the group policy and is able to be opened on our network. We'd love the ability to manage the types of documents able to be downloaded/opened on our network based on their file extension or type of document.
2 votes -
Add the automatic deletion function of external collaborators account
Request: Add the automatic deletion function of external collaborators account
Please add automatically delete function linked to the deletion of his company's Box account.
Reason: Even if he changes jobs, he can still log-in to Box using his old e-mail accounts.
We cannot control the collaborators' job change, and we cannot grasp it in a timely catch-up of his situation.
If he changes jobs to our competitor, the risk of data breaches increases.4 votes -
Add action option for Content Security policy
add another action option to the 'Then take the action(s)' section under Content Security Policies. It would be useful if one of the available actions was to disable the users account/set it to inactive automatically if the account were to violate the content security policy.
1 vote -
1 vote
-
Limited access to external collaborators on file & folder
Dear Team, I want to give access to my auditor some file. However I do not want them to edit, save , download or print screen any documents.
How to do this ?
1 vote
- Don't see your idea?