Mobile Security Settings Overview and FAQs

Follow

·

Get Training

Box mobile applications (Box for iOS v2.7.3+, Box for Android v1.7.5+, and Box for Windows Phone/8 v1.6+) have admin-controlled settings that allow end-users to more securely access their Box accounts on their mobile devices and give admins control over how their employees access company data. These settings provide granular controls for admins via the Admin Console and allow more security and control over how employees should access company data. Admins can use these settings to manage and customize enterprise users' access to sensitive data and prevent instances of data leakage to or from Box applications. 

To control these features from your Admin Console, navigate to the Enterprise Settings > Mobile tab.

What are the main benefits?

  • For users, mobile security settings can be enabled to provide additional protection when accessing Box from their mobile devices.
  • For admins, Box mobile app management features provide visibility into all account activity—including users and their files—and let admins manage how content is shared and accessed both inside and outside the company.

 

File Security Settings

The former setting to control Saving Files on Device has now been divided into multiple facets of control:

  • Save files to device:Controls the user's ability to download files or save them for offline use on their mobile device. Effective Box for iOS 3.2 and Box for Android 3.2, you must explicitly set this button to Allow so you can change the next few (dependent) settings.
  • Allow preview-only users to save files for offline use: Users with "Preview only” permissions for a folder will be allowed to save it for offline use when the admin has allowed this setting. “Preview only” folder contents will never leave the Box app container.
  • Open files in external applications: Allows you to control the user's ability to open content from Box in other applications using the same operating system.
  • Print files (iOS only): Allows you to control the user's ability to print files from their iOS devices.
  • Copy and paste content of files: Allows you to control the user's ability to copy text to the device clipboard and paste it elsewhere.
  • Automatic uploading from device: Controls the appearance of an automatic uploading feature within the app. This field is only available to paying customers. 
  • Include contextual information in push notifications: Allows users to receive contextual details such as file names with the push notification. 
  • Allow saving to device only if the device is encrypted (Android only): On versions of Android that support this feature, the Box application can detect if full-device encryption is enable:
    • If so, you can Allow savings files.
    • If not, this field remains Restricted.
  • Allow files to be opened into applications that save back to Box (iOS only): Allows the document picker to open files from Box in external applications and save changes back to Box.

Note: If you have allowed Save file to device in earlier versions of mobile applications, you will continue to see this setting allowed in this version as well.

Mobile security settings available to end-users

  • Passcode lock:You can set an application-specific passcode (only used to open the Box app) and set the threshold for inactivity before you are prompted for it.
    • How to enable: The passcode lock can be turned on and off and the timeout can be set in the settings of the mobile app.
    • Why is this important: This gives you an extra layer of security on your Box account if your mobile device happens to be lost or stolen.
  • Remote log-out:You have the ability to remotely log out of the Box app installed on your mobile device.
    • How to use: Accessing Box from a web browser, you can navigate to Account Settings > Security tab. All of your login activity will be listed, and you can log out of Box from any phone, tablet, device or browser by clicking on “forget app”.
    • Why is this important: You can revoke access to your account and content even after your mobile device is lost or stolen.
  • Require 2-step login verification: You can require 2-step login verification for any new or unrecognized login to your account—including logins from mobile apps. With the feature turned on, a security code is texted to your mobile phone and is required in addition to your password in order to access your Box account.
    • How to enable: From the Box web application, you can navigate to Account Settings > Security tab and turn on 2-step login verification.
    • Why is this important: This helps prevent imposters from logging into your Box account.

Mobile security settings available to admins

  • Restrict saving files for offline use:Admins can choose to allow or block the Box mobile apps from saving files onto devices.
    • How to enable: The setting can be found in the Admin Console > Admin Settings > Mobile tab. Admins can also view the features they’ve enabled or disabled for all employees in their security reports.
    • Why is this important: This feature allows admins to maintain more control over content while still allowing their employees mobile access to Box.
  • Require an application-specific passcode lock:Admins can require their employees to set an application-specific passcode and set the threshold for inactivity before they would be required to enter it.
    • How to enable: The setting can be found in the Admin Console > Admin Settings > Mobile tab. Admins can also view the features they’ve enabled or disabled for all employees in their security reports.
    • Why is this important: This feature adds an extra layer of security if their users’ mobile devices are lost or stolen.
  • Require 2-step login verification:Admins can require 2-step login verification for any new or unrecognized logins—including on mobile apps. With the setting enabled, a security code is texted to a user’s mobile phone and is required in addition to the user’s password to log in.
    • How to enable: The setting can be found in the Admin Console > Admin Settings > Security tab. Admins can require 2-step login verification for all users in the Signup and Login section.
    • Why is this important: This helps prevent an imposter from logging in to an employee’s account.
  • Device pinning: Admins can limit the types and number of devices that their employees can use to access their corporate-managed Box accounts. For example, they can limit their employees to logging in via one iOS or one Android phone or tablet.
    • How to enable: The setting can be found in the Admin Console > Admin Settings > App Use Management tab. Device pinning options are available in the Application Settings section.
    • Why is this important: This feature gives admins more control over mobile access to corporate accounts, ensuring access is limited to trusted devices.
  • Remove pinning or remote log-out:Admins can also un-pin specific devices for their employees, which will effectively log the user out on that device.
    • How to enable: The setting can be found in the Admin Console > Admin Settings > App Use Management tab. To un-pin a device, search for the user in the Application Usage section and then click “remove” for the specific device.
    • Why is this important: Admins can secure corporate accounts and content even after an employee’s mobile device is lost or stolen.

Why should admins care about all these settings?

  • Previously, admins were only able to allow or block their employees’ use of Box for iPhone and iPad, Box for Android, or Box for Windows. While this may have addressed a company’s security concerns, they prevented mobile access to Box, which employees found useful for their work. With these more granular security settings, admins can allow mobile access to their employees while maintaining control of company information.
  • Admins can now customize their Box mobile deployments as needed by their use case and security needs.

What types of customers can use these settings?

  • All the admin security options above are available in Enterprise and Elite accounts.
  • Admins with business accounts have the ability to enable device pinning and require 2-step login verification.

 

How is this different than what mobile device management providers like MobileIron and Good Technology offer?

  • The settings help admins customize user access and file sharing options within Box’s mobile apps. However, many enterprises need MDM solutions to secure content across the entire mobile device (not just content on Box).
  • We have strong relationships with providers like MobileIron, Good Technology and Enterproid to help solve those challenges. More information can be found at https://www.box.com/enterprise/enterprise-mobility/.

Where can I get more information?

Was this article helpful?
0 out of 3 found this helpful