Level up your Box knowledge with brand new learning paths on Box University. Visit training.box.com to get started

Box Status
Print

About Box Security

Security , Admin Console

Box provides Administrators a number of tools in the Admin Console to help your organization secure your Box user accounts, the content your organization stores in Box, and the devices used to access content stored in Box. This topic contains an overview of these tools and links to additional, in-depth information about these tools; that information will help you set up and configure these tools to keep your Box account secure. 

Note

Some security tools are features that require a minimum level of Box plan, also known as a tariff or are available in some plans only as an add-on. See the Features section of the Box Pricing page to view a high-level list of what features are available for each plan. 

Users also have tools in their own account and app settings to set individual account, content, and device security controls.

Account Security Tools

Account security tools help protect the credentials that people use to access their box accounts. In Admin Console > Enterprise Settings, two tabs contains settings for account security: the Security Tab and the User Settings tab.

Account Security Tools in the Security Tab

The Signup and Login section contains several options to let you control or get informed when users sign up for or log in to Box, including:

  • Self-signup, which would allow people to create a managed user account themselves, rather than requiring an Admin or Co-Admin to do it for them.
  • Prevent user from changing their email address.
  • Several notifications, including for when accounts are created and for failed login attempts.

The 2-Step Login Verification section allows you to require and to configure multi-factor authentication for managed users and for external users.

The Password Requirements section allows you to:

  • Define password requirement for both users and external collaborators
  • Decide on password reset options
  • Get notifications for password changes

The Session Duration for All Users section contains a setting where you can define a length of time a user can be logged in.

Account Security Tools in the User Settings Tab

The Name Change Restrictions section contains a setting where you can prevent users from changing their user name.

The Configure Single Sign-On (SSO) for All Users  and Enable Single Sign-On (SSO) for All Users sections contains controls that allow you to enable and configure SSO, which means users would sign in to Box with an identity provider instead of a user name and password.

Content Security Tools

Content security tools help insure that the content you store in Box is safe and that access to that content is under your control. Shield is the primary Box feature that helps you secure your content, but there are also some settings in Admin Console > Enterprise Settings.

Box Shield

Use Box Shield to:

  • Automatically classify your content
  • Detect threats within your content
  • Define access to your content
  • Create ethical walls around your content

Content Security Tools in the Security Tab

The Uploads section contains a control that where you can choose how users upload and download content via ftp.

Content Security Tools in the Content & Sharing Tab

The Shared Links section allows you to define any limitations on shared links, which are one of the primary ways users share content both within and outside your organization. The controls here include:

  • What content can be shared with links
  • The definition of company
  • Who can access shared links
  • Default access for shared links
  • Shared link permissions

Custom Shared Links Tools in the Content & Sharing Tab

The Custom Shared Links section allows you to offer shared links with a custom URL.

Collaborating on Content Tools in the Content & Sharing Tab

The Collaborating on Content section allows you to define how users can collaborate on content, which is one of the primary ways users share content both within and outside your organization. The controls here include:

  • Roles that folder owners can choose when collaborating
  • Default collaboration role
  • Whether collaboration invites are restricted
  • Whether users can invite collaborators with invite links
  • Whether users can invite groups as collaborators
  • Whether ownership transfer is restricted
  • Whether external collaboration is allowed

Watermarking Tools in the Content & Sharing Tab

The Watermarking section allows you to define the type of watermarking used when a watermark is added to a file.

Content Creation Tools in the Content & Sharing Tab

The Content Creation section allows you to restrict content and tag creation and to allow users to upload to Box via email.

File Request Tools in the Content & Sharing Tab

The File Request section includes settings where you can:

  • Define who can use File Request
  • Define what permissions are required to create file requests
  • Require file request uploaders to log in with a Box account

Auto-Expiration Tools in the Content & Sharing Tab

The Auto-Expiration section is where you define the maximum time that shared links and collaborations can exist after they have been created.

Trash Tools in the Content & Sharing Tab

The Trash section is where you can enable Trash and define:

  • Who can delete content permanently from Trash
  • How long items in Trash are retained before they are automatically deleted permanently

User Permission for Box Mobile Application Tools in the Mobile Tab

The User Permission for Box Mobile Application section is where you configure any restrictions on content accessed via the Box mobile app.

Device Security Tools

Device security tools ensure that devices that connect to Box meet defined security requirements and are not capable of delivering any threat vectors to Box. In Admin Console > Enterprise Settings, the Device Protection tab contains several tools to help you control when devices can and cannot connect to Box.

Device Trust Tools in the Device Protection Tab

The Device Trust section is where you define minimum device ownership and security requirements, such as operating system (OS) version and whether the device is using an active antivirus or firewall program, to be allowed to connect with Box.

Endpoint Detection and Response Integrations Tools in the Device Protection Tab

The Endpoint Detection and Response Integrations section is where you connect and configure available external detection and response vendors. Tools such as these dynamically evaluate the security posture of the connecting device and allow Box to perform remediation actions if a risk is discovered.

Device Pinning Tools in the Device Protection Tab

The Device Pinning section is where you can enable device pinning and define how many devices and types of devices per user are allowed to connect to Box.

Passcode Settings for Box Mobile Application in the Mobile Tab

The Passcode Settings for Box Mobile Application section is where you can require users of devices on which the Box app is installed to enter a passcode after a defined amount of inactivity.

 

 

Related articles