Best Practice - Device Pinning

Follow

·

Get Training

Overview

Box’s device pinning feature will allow you to determine a policy for the maximum number of devices that can access Box’s service from a phone, tablet (iOS, Android and Windows Phone and 8) or desktop (Mac and Windows). It can be enabled in the ‘App Use Management’ tab in the Admin Console for Enterprise accounts.



Beneath the policy settings is a list of all connected devices in the section marked ‘Application Usage.’ Connected devices are listed by Username, date of first install, and device type. You can filter for individual users by searching their name or email and filter by device type.



Determining a Policy for Device Pinning

The policy you decide on for device pinning is an organizational decision that will vary for each deployment of Box. While a good practice might be to limit sync to a single corporate laptop, phones and tablets can be transactional devices that get upgraded and replaced frequently. You may opt to have a more open policy for phones and tablets to reduce IT overhead.

Additionally, even if the policy is unlimited for each device type, device pinning gives you visibility into all connected devices throughout the organization and the ability to easily remove them when necessary. An admin can optionally be notified each time a new device is connected. If the policy is for a limited number of connected devices, admins can optionally exempt specific users from the policy.
 


Rolling Out Device Pinning and Sync

In the Admin Console you can configure New User Defaults in the ‘User Settings’ tab. To ensure the correct laptop is pinned, a good practice is to disable sync by default for new users.


 
When a user makes a request to have sync on their corporate device, they can notify the IT team. At that point the user can bring their corporate laptop to the IT team to verify Box Sync is pinned to the correct, corporate device. The admin can go the Users tab in the Admin Console, find the user that wishes to enable sync, check the box to ‘Enable Sync’ in the ‘Edit User Access permissions’ section and click ‘Save.’

Once the user logs into sync with their device, their device will be pinned and they will be unable to log into Box Sync from a different device.

What If the Device is Lost or Stolen?
 
If a user reports a lost or stolen device, the admin can remove the device from the ‘App Use Management’ tab in the Admin Console.
  1. Search for the user by email or username



  2. Filter by the device reported lost



  3. Check the box next to the devices reported lost and choose Remove. Be sure to remove all connected devices that match the device that was reported lost (eg. remove all connected iPads even if one iPad was reported lost).

 
Alternatively, the device(s) can be removed within the Users tab of the Admin Console beneath ‘Edit User Access permissions.’



Other Considerations
 
For more restrictive controls, Box also has the ability to prevent users from saving files onto their devices on iOS, Android and Windows 8 and Phone. This prevents offline access to the files, as well as the ability to open files into other third party productivity applications in the OneCloud ecosystem.

Box does recommend you require an application passcode lock, which can be enforced after a certain period of inactivity.


If you have not selected a vendor for mobile security management, Box also maintains partnerships with best of breed MDM vendors like Good and Mobile Iron. If interested ask you Customer Success Manager or Account Executive for additional information. Features offered include enforced local encryption, remote wipe, disable cut, copy & paste, and app distribution.
Was this article helpful?
0 out of 0 found this helpful