We want to get the activity reports for specific classification(just like specifying the folder).

We need to audit user activities for confidential files every quarter. Current activity reports can only specify the user, date, folder and action, not classification.

In Box Shield Smart Access, if moved from Folder A, which is assigned the [In-House] classification, to Folder B, which is assigned the [Public] classification, Folder A's classification will be inherited.

However, the classification of [In-house] in folder A is not inherited when the copy operation is performed, the [Public] classification assigned to folder B is assigned.
Since the classification is not inherited by the copy operation, this function can be useful to prevent information leakage by implementing this function.

We want "Smart Access: Download restriction" to control the download/printing capability of G-Suite apps. We want the integration just like office online which restrict download/print on office online apps.

For security perspective, we want to minimize the risk of data breach, so we are planning to store the confidential files on box and restrict the content to be downloaded to the devices. However currently if user opened the files on G-Suite, the files can be downloaded or printed.

I would like to see the ability to add Shield Classifications per client - with the appropriate access policy (restricting to client email domain) we could avoid any possibility to overshare when inviting the wrong clients into a folder or sharing a shared link - There is a maximum number of classifications of 25 so could this be extended to facilitate this use case/control.

To apply or change a classification, select "Owners/co-owners and editors" in the classification settings, and then click Users with editorial privileges or higher can apply and change the classifications.
However, by implementing a feature that allows configuration of permissions to apply and change each classification created, the Security can be enhanced.

Currently, the trial mode classification and settings will disappear at the end of the trial period.
If we have a Shield contract, we would like to take over its classification and settings.

By eliminating the need to set them up again in the production environment, we can make a smooth transition.

Isolate the EDIT SHIELD CONFIGURATION co-admin permission to 2 different permissions:

1. View-only detection rules, access policies, lists


2. View, Edit, and Create Detection rules, access policies, and lists.

When viewing a folder, it is currently not possible to know if there are files within the folder structure that have a differing classification label from the one at the root level. This "non-compliance" could potentially be problematic, or even a signal that someone has inadvertently changed a classification. It would be nice to have some kind of visual indicator that the top-level classification label is not 100% cascaded throughout the folder/file structure below it in the waterfall.

When viewing the contents of a folder, it would be beneficial to the user experience to see which items are classified and how without needing to select the item or attempt to preview it.

To support ethical walls, it would be advantageous to be able to create lists of email addresses for different teams within the same company so that collaboration and shared link access can be restricted. Example for private side, public side employees within an investment bank content could be classified for each with access controls in place to prevent sharing and collaboration.

It looks like I'm only able to notify users who are Shield co-admins whenever an alert is created. I would like to send alerts to a Pager Duty email address for email integration.

I would like to avoid creating a separate user for the purposes forwarding emails to pager duty. I would also like to avoid creating a forwarding rule on my own inbox.

Is it possible to send Shield alert notifications directly to non-user email addresses? If not, is this something the Box team is working on or can consider implementing?

In Shield, when a user previews/opens a file to Office Online it tracks as a suspicious IP location. It would be great if it could be separated and designated a lower priority than a genuine account compromise. Just a suggestion to clean up the Shield alert queue

We would like to have the ability to search by classification.

We would like see that only owners can control Box Shield and Governance classifications. We would like a way to restrict co-owners.

Wondering if "device pinning" can register details of devices utilized by the user and allows/disallow the login from it. Why cant it be used as a condition under "Download Restriction". MDM solutions are not yet fully matured to cover all & frequently changing devices types .

It is common that companies have non-executive directors, and that they work without corporate email accounts. They could use gmail or another personal email accounts so they might want to blacklist free email domains, but have special dispensation for these exec's email addresses. So blocking all free email domains, with an additional granularity to allow certain addresses on a whitelist.

Currently "Classification Definition" can be written with 'return character' in its input form. But when this "Classification Definition" is shown to the user, 'return character' is being ignored and is shown in one line.

Definition needs to be shown in the same way it was written / configured, and also needs to be shown in several lines when required (e.g. written in multiple languages where each language's definition needs to be shown in each line, instead of all in single line).

On the dashboard for Shield, you see a list of alerts generated through threat detection policies. We'd like to see the functionality where end users could mark an alert as seen and/or resolved so everyone who monitors the Shield alerts would know whether it's been resolved or open. This is similar to a ticketing system, but a simple notes body on the alert where someone could put an explanation of their response to the alert would greatly enhance visibility and drive better usability. Thanks!