Help shape the future of Box
Welcome to Box Pulse, our product feedback tool powered by UserVoice. Got an idea for how to improve Box? Share it with us and gather support or vote on other people's ideas. Your feedback is essential to informing roadmap decisions and shaping the future of our products. Thanks for joining our community!
See user guide here.
406 results found
-
Shared Links Expiration and Turn Off
Create the ability exist to mass update shared link expiration dates and/or turn off the shared links, using folder and file ids.
5 votes -
Box lock security
We just discovered that a user with viewer-uploader permissions can unlock files which our team believes is an unacceptable security flaw. The viewer-uploader level of security is required for a user to create a folder within a folder that we have granted them access to, but other than that level of editing our external invited partners should not have the ability to manage a security feature such as unlocking a file or folder.
2 votes -
capture admin role changes in event stream
currently we receive the same event (‘Change admin role: privilege Admin role for user’) in event stream for any admin role change,
although we performed a different action
we would like a more detailed log
i.e. activities like remove/add and providing the specific role as well1 vote -
Send a "here's how your items are shared" report to each user periodically
One of the most common sources of security breaches is due to a user inadvertently sharing an item more broadly or for longer than they intended.
A simple way to help limit those sorts of security breaches would be for Box to email every user a report periodically (configurable by the admin, but roughly monthly) that said "Here's how everything you own is shared with other people, and here's a link to the KB article that'll tell you how to fix it if it's not what you want", then showed a report of their folders, files, and shared links, with…
81 votes -
Allow SSO users to remove their external password again
Since I as a user can set up an external password for my SSO account, I'd like to also be able to remove that external password when I no longer need it. This a) removes an unnecessary login method and therefore improves security and b) alleviates the need for me to regularly change a password I no longer have any use for.
Currently this requires going through Box support (and potentially an enterprise's own internal support hierarchy before that, as in my case), whereas it could also be a simple link/button next to the "Change Password" link in my account…
2 votes -
Add support to get Security logs event using Box Eventlog API
Currently Eventlog API doesn't logs event related to enterprise setting changes by admins. These logs are available using Security report (https://app.box.com/master/reports/security) but are not available through API.
For reference (https://community.box.com/t5/Platform-and-Development-Forum/How-to-get-security-logs-using-Box-Eventlog-API/m-p/79313#M7447)10 votes -
Add more details in device trust logs
If device trust is checking for a setting (for example OS version), then the logs should show the actual version detected. This should be for every setting Box enables you to validate. It should also have more detail about the login attempt (hostname (not just IP address), OS, Box Drive vs Box web vs etc).
Further there should be a new event in the logs, DEVICETRUSTCHECKPASSED, with similar details so that we know the check happened and what values Box found when authorizing the device. Only having DEVICETRUSTCHECKFAILED provides no audit trail for showing…
1 vote -
In China we have to use (redacted) as box.com is blocked, and after few weeks not logining (Box Alternate domain)
One of our vendor can’t login box with his own company email account. And then can’t share file with him to update.
I found he can’t see the “i’m not a robot” after login (Box Alternate domain) to fill in password as he doesn’t have VPN enabled
after i use his account to login and validated this, he can then login normally.
Looks if you don’t use box for few weeks, it will ask you to validate via this google authentication way which he can’t see it without VPN.
How to fix this for china users if they can't use…
2 votes -
Set default permission to Previewer
We would like the ability to set the default permission to Previewer. Most users are not changing the default permission we have setup when sharing. Being able to set the default permission to Previewer helps us manage security even better.
5 votes -
Get details on shared link without owner
Airbnb and other companies when going through a large
deprovision of accounts run into issues where someone shares a link of the file after the owner is
no longer there and the collaboration is removed. But with just the file link, there is no way for the admin to get anymore details on the file.The feature request is the ability to get more details on a file through the link.
1 vote -
Force external collaborators to sign in using 2-step verification or dual authentication for access to specified shares.
Force external collaborators to sign in using 2-step verification or dual authentication for access to specified shares.
2 votes -
True Client IP vs Accelerator IP in Audit Logs
To improve download speeds, Box automatically leverages "accelerator" hosts on various cloud/hosting providers around the world. When this happens, the "client IP address" recorded in the audit logs is the accelerator IP address, and not the true endpoint IP address. This results in false positives in "impossible travel" analytics, and could result in false negatives. We request that the audit logs be enhanced to capture the true client IP and accelerator IP (where applicable) as separate fields in the logs.
2 votes -
Cylance
Please add Cylance to the list of Antivirus vendors as part of the Box Device Trust settings!
2 votes -
Can we get a report that shows WHY a device failed Device Trust?
Can we get a report that shows WHY a device failed Device Trust?
1 vote -
Include types of virus for Virus alert email
Include which type of virus contained in virus notification alert email. If types of virus includes in alert, admin is able to identify that alert email was accurate.
3 votes -
Convert all notification email contain "app.box.com" link to "ent.box.com" under BVE
Some notification email such as "Email Uploads completed" contain "app.box.com" link even for enterprises that have Box Verified Enterprise enabled.
They should be converted to "ent.box.com" link in order to access them from Internal network.
2 votes -
SSO Required - API authorize endpoint behavior not consistent with Core Box
USAF is developing a custom iOS app on Box requiring USAF internal users to authenticate into the app via SSO. With "SSO Required" turned ON, the app redirects users to the Box login page and not the SSO login page on invoking the Box authorize API endpoint. This seems not to be consistent with the Core Box "SSO Required" flow
More details including user flow illustration in the ticket.
JIRA ticket - https://jira.inside-box.net/browse/BOX-2059301 vote -
Block end user password reset for SSO users
In our environment, we enforce SSO, however users can still go into their user settings to reset their password and change the password. My understanding is that this password is only usable for FTP access, but it is confusing for users and we do not use the FTP functionality. Block end user password reset for SSO users
2 votes -
1 vote
-
Enable passphrases instead of only complex passwords
We enabled the Box strong password policy for 3rd parties; however, it does not permit passphrases. In the CASB pilot, when I accepted an invite to collaborate on my personal Box account, Diageo Box required me to change my 15 character passphrase to a complex password. That will be a problem for any 3rd parties using passphrases. Therefore we should turn that policy OFF.
1 voteIf we understand that users may prefer passphrases instead of password this is not something that we plan to deliver in the near future.
- Don't see your idea?