We want to get the activity reports for specific classification(just like specifying the folder).

We need to audit user activities for confidential files every quarter. Current activity reports can only specify the user, date, folder and action, not classification.

I would like to see the ability to add Shield Classifications per client - with the appropriate access policy (restricting to client email domain) we could avoid any possibility to overshare when inviting the wrong clients into a folder or sharing a shared link - There is a maximum number of classifications of 25 so could this be extended to facilitate this use case/control.

Currently, the trial mode classification and settings will disappear at the end of the trial period.
If we have a Shield contract, we would like to take over its classification and settings.

By eliminating the need to set them up again in the production environment, we can make a smooth transition.

When viewing the contents of a folder, it would be beneficial to the user experience to see which items are classified and how without needing to select the item or attempt to preview it.

In Shield, when a user previews/opens a file to Office Online it tracks as a suspicious IP location. It would be great if it could be separated and designated a lower priority than a genuine account compromise. Just a suggestion to clean up the Shield alert queue

We would like to have the ability to search by classification.

To support ethical walls, it would be advantageous to be able to create lists of email addresses for different teams within the same company so that collaboration and shared link access can be restricted. Example for private side, public side employees within an investment bank content could be classified for each with access controls in place to prevent sharing and collaboration.

It looks like I'm only able to notify users who are Shield co-admins whenever an alert is created. I would like to send alerts to a Pager Duty email address for email integration.

I would like to avoid creating a separate user for the purposes forwarding emails to pager duty. I would also like to avoid creating a forwarding rule on my own inbox.

Is it possible to send Shield alert notifications directly to non-user email addresses? If not, is this something the Box team is working on or can consider implementing?

Currently "Classification Definition" can be written with 'return character' in its input form. But when this "Classification Definition" is shown to the user, 'return character' is being ignored and is shown in one line.

Definition needs to be shown in the same way it was written / configured, and also needs to be shown in several lines when required (e.g. written in multiple languages where each language's definition needs to be shown in each line, instead of all in single line).

On the dashboard for Shield, you see a list of alerts generated through threat detection policies. We'd like to see the functionality where end users could mark an alert as seen and/or resolved so everyone who monitors the Shield alerts would know whether it's been resolved or open. This is similar to a ticketing system, but a simple notes body on the alert where someone could put an explanation of their response to the alert would greatly enhance visibility and drive better usability. Thanks!

We would like see that only owners can control Box Shield and Governance classifications. We would like a way to restrict co-owners.

It is common that companies have non-executive directors, and that they work without corporate email accounts. They could use gmail or another personal email accounts so they might want to blacklist free email domains, but have special dispensation for these exec's email addresses. So blocking all free email domains, with an additional granularity to allow certain addresses on a whitelist.

Box currently only logs successful actions. We would like to see when a user attempts to share content that is blocked by Shield Access policies. From a DLP and insider threat perspective this would be huge in determining what people are attempting to do, not just what they are successful at doing.

Wondering if "device pinning" can register details of devices utilized by the user and allows/disallow the login from it. Why cant it be used as a condition under "Download Restriction". MDM solutions are not yet fully matured to cover all & frequently changing devices types .

Wondering if "device pinning" can register details of devices utilized by the user and allows/disallow the login from it. Why cant it be used as a condition under "Download Restriction". MDM solutions are not yet fully matured to cover all & frequently changing devices types .

My customer would like to get a report of the activities that detection rule is processing to ensure that is actually working. They have one rule (suspicious session) that has not generated any hits and thus they don’t know if it’s actually doing anything or not.

Can we have more granular on the detection rules, e,g, down to user groups, or individual account level - allowing customers to set priorities as high for some user groups, but low for others.  For some users, a customer may expect high levels of downloads/activity in Box and this may be in peaks and troughs - therefore potentially a lower priority, whereas with execs this activity should be treated as a higher priority and greater risk.