Skip to content

Help shape the future of Box

Welcome to Box Pulse, our product feedback tool powered by UserVoice. Got an idea for how to improve Box? Share it with us and gather support or vote on other people's ideas. Your feedback is essential to informing roadmap decisions and shaping the future of our products. Thanks for joining our community!

See user guide here.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback

165 results found

  1. Shared Link Password Policy

    Much like the default link expiry policy we would also like one specific to forcing passwords for shared links and preferably being able to define that policy with minimum characters and complexity.

    Bonus would be passwords that are auto-generated and viewable by the creator of the shared links to minimize the need for external tools.

    60 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    not planned  ·  10 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  2. MFA Excluded User List Needed

    MFA Excluded User List Needed - if a user has to switch MFA devices, as of now the Admin would need to globally turn MFA off for everyone, also an admin might need to setup a box account and login as a user (say using lastpass) before the hire date, thus they need to be on an exclusion list until they start, additionally automated processes might need a login that would be excluded from MFA needs direclty within box, thus the requirement for an exclusion list for MFA that is freely adjustable.

    5 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)


    1. We will soon have the ability to download back up codes that can be used in case you don't have access to your MFA device.
    2. Certain Box plans have the ability to exempt specific users from MFA.
    3. We do have this exclusion list for external users.


    Given these, we don't have plans to add an exclusion list for managed user MFA at this point.

  3. SSO exception

    Ability to have exceptions for SSO for specific amdin accounts/test users. Use case: there's a series of admin accounts we use that own folders/content in Box but aren't actual users. Now when we want to turn on SSO - we now have to have OKTA accounts for those accounts and test users, when we'd prefer to just do Box 2FA for those vs. SSO enabled for all

    33 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  4. Allow the use of Linux devices as approved devices.

    We had Linux based user using Box web console and as of the July update, they are no longer able to access Box. I would like to see Linx OS be added to the approved Operating Systems list in the Admin Console for enterprise settings.

    46 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    not planned  ·  0 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  5. Send a "here's how your items are shared" report to each user periodically

    One of the most common sources of security breaches is due to a user inadvertently sharing an item more broadly or for longer than they intended.

    A simple way to help limit those sorts of security breaches would be for Box to email every user a report periodically (configurable by the admin, but roughly monthly) that said "Here's how everything you own is shared with other people, and here's a link to the KB article that'll tell you how to fix it if it's not what you want", then showed a report of their folders, files, and shared links, with…

    80 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    not planned  ·  4 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  6. Enable passphrases instead of only complex passwords

    We enabled the Box strong password policy for 3rd parties; however, it does not permit passphrases. In the CASB pilot, when I accepted an invite to collaborate on my personal Box account, Diageo Box required me to change my 15 character passphrase to a complex password. That will be a problem for any 3rd parties using passphrases. Therefore we should turn that policy OFF.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  7. Add hardware token security for 2FA

    Yubikeys and similar devices allow for hardware token security and are highly recommended. We want to implement it across devices (ipad, iphone, android, MacOS, Windows) and this must include Box

    SMS 2 factor is considered very hackable and has been hacked many times.
    How can we use Yubikeys with Box.com ? What are your plans on this?

    46 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    9 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We now have the ability to use TOTP for 2FA. In addition, admins can enforce TOTP for managed/external users.
    We do want to support FIDO standards for 2FA in the future and will update this idea with more details once we have a concrete plan.

  8. Add granularity to shared link controls

    Based on organizational requirements and the variance, there should be additional controls such as limiting the capability to create shared links (open Links) to Admins or designated personnel as an option. This would allow for greater granularity as some divisions within an organization may have a need to share publicly, while also securing sensitive information

    23 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    For now, we are focussed on solving bulk management issues with Shared Links.

    Box Shield is an additional option for enforcing granular controls on content.

  9. Enforce parent folder collaboration restrictions on moved folders

    Make sure that folder settings apply to all the subfolders. Currently, even if you restrict collaboration to within your company through folder settings, a folder that is already collaborated to external users can be moved into that folder. Right now, we don’t have the mechanism to check if a folder that is about to be moved is collaborated to external user.

    21 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    not planned  ·  3 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  10. Remove External Password once Done

    I would love to see the ability to remove/disable the External password after it has been used. We have many users who only need it once or twice for something niche, but once it's set you can't undo it meaning they're stuck rotating that password every 90 days, forever, despite us being on SSO.

    Disabling this closes a login method that's no longer needed which is overall more secure, and removes a large inconvenience.

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    not planned  ·  1 comment  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  11. Ability to insert custom words as watermark

    If a user could add "Confidential" or "Company Secret" into watermarking,
    the customer would be able to leave the legal evidence of the statement that the corresponding files are not allowed to disclose externally.
    Also, it would be better if there is an option to set watermarking by folders as well.

    9 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  12. 10 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  13. Better error message for device limits

    If there is a device limit set, the error message when you try logging in from another device should read something similar to: You have reached the max number of devices

    6 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    not planned  ·  2 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  14. Block users by geography

    We'd like the ability to block users from accessing our Box environment from certain geographical areas, via a control in the admin console’s insights page (the geographic activity area).

    4 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  15. Collaboration Blacklisting

    We would benefit from the ability to make a blacklist of collaborations (perhaps via domain) to prevent against the inbound or outbound collaboration with a certain (or set) of domains.

    The current collaboration whitelist capabilities do not permit for blacklisting -- they only allow for whitelisting.

    For example: "Can we block all inbound and outbound requests to/from a certain domain (e.g., gmail.com)?"

    13 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  16. Extend collaborations further than the default auto-expiration timeframe

    When collaboration auto-expiration is in place on an enterprise level, folder owners can only extend the collaboration up to the default auto expiration timeframe. For example, if the enterprise has collaboration auto-expiration set at 90 days, the folder owner can currently only extend the collaboration for another 90 days. We would like for the folder owner to be able to extend the collaboration for a time period longer than the set collaboration auto-expiration.

    6 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  17. 2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  18. 10 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    not planned  ·  1 comment  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  19. 4 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  20. Bulk extend collaboration/shared link expiration

    User would like to be able to extend access at a folder level rather than one at a time.

    8 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    not planned  ·  1 comment  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
← Previous 1 3 4 5 8 9
  • Don't see your idea?

Feedback and Knowledge Base