What reports are available in the Admin Console?
What if I need a report for something that is not currently available in the Admin Console?
How far back does data go in a Box report?
Who can access and run reports in Box?
What does it mean when I see a report showing actions taken by an Anonymous User?
What do the various actions logged in a User Activity Report mean?
In a User Activity Report, what is the difference between a “Previewed” and a “Content Access” log?
How to generate a Legal Holds Export? or Why is Legal Hold’s “Export Content” option grayed out?
Why is a report exported from the Admin Console returning blank columns and rows?
If my company restricts content creation, will I be able to run a report?
What report can we run to determine which of our users took a specific action in Box?
Can we export a list of all folders and content stored within our Box instance?
Does Box offer a report for our consumption of platform resources?
Is it possible to run audit logs for activity of deleted user?
Is there a report of all the domains that have been whitelisted for our Box tenant?
Is there a report that tracks how users are logging into to Box?
What reports are available in the Admin Console?
-
The Admin Console provides a wide range of reports, including Collaborations, User Activity, Security Logs, Retention, and more. For a full list and detailed information about the reports readily available in the Admin Console, please refer to our Running Reports community article.
What if I need a report for something that is not currently available in the Admin Console?
-
If your organization needs a report that is among the report types available in the Admin Console, you can reach out to your Account Team to see if the information needed can be potentially be provided in a custom report. Additionally, you can also submit your report as a feature request through Box Pulse for consideration to be included as a new report in the Admin Console.
How far back does data go in a Box report?
-
Box report data goes back seven years.
Who can access and run reports in Box?
-
To run reports, users will need to be either a primary Admin or a Co-admin with the “Run and Access Reports” permission type enabled. Please note, some reports do require Co-Admins to have additional permissions enabled. For a full breakdown of additional permissions needed and the reports that require them, refer to our Co-Admin Permissions Required to Run Reports community article.
What does it mean when I see a report showing actions taken by an Anonymous User?
-
Anonymous users are defined in our Tracking User Activity on Files community article as “people who are not logged in to Box and access a file using a shared link -- are not displayed in this recent activity indicator.” In addition to this, Anonymous entries can occur for a number of reasons, as outlined below:
-
As part of a larger user action, additional actions were taken by the Box system. For example, when a user deletes a folder, the Box system would delete any subfolders, which would be attributed to “Anonymous” on our reporting.
-
Shared Links: Users do not need to be logged into Box to access a shared link. Thus you may see previews, uploads, and downloads by "Anonymous". This typically relates to shared link activity.
-
Email Upload: Users do not need to be logged into Box to upload via email. As a result, you may see "Anonymous" making many uploads.
-
Embed Widget: Users do not need to be logged into Box to preview an embed widget on a website. Thus, you may see "Anonymous" previews.
-
API integration: you may see other "Anonymous" actions if you have an API integration that performs actions in your account.
-
When uploads occur via File Request you may see the folder owner as the name of the uploader (as it is technically an anonymous uploader). To identify uploads via a file request, navigate to User Activity Report > File Management > Uploaded and click View. Then, under Details, filter by Service = File Request.
What do the various actions logged in a User Activity Report mean?
-
User Activity Report community article includes a comprehensive glossary of these various action types
In a User Activity Report, what is the difference between a “Previewed” and a “Content Access” log?
-
Previewed:
-
Logged when a user previewed a file in Box.
-
Content Access:
-
This event is log when either of the following occur:
-
An item is accessed by an authorized end user or programmatically by a Box Integrations.
-
A thumbnail is generated for a file when a folder (in either the mobile or web app) is accessed.
-
In some cases, you might see multiple Content Access events logged for for a single activity, such as a Preview or Move. This is because, on a technical level, larger files are sometimes chunked to improve efficiency. This does not affect the user experience, but when this happens, each chunk involved is a separate Content Access event.
-
For example, a Preview of a large PDF file might fetch the file in multiple batches of pages. While this would be one Previewed event for the file, it would be multiple Content Access events for the same file. This is quite normal; it just reveals a little bit of the technical aspects of activity in Box.
-
Content access events for thumbnail generation do not have related events or corresponding actions.
How to generate a Legal Holds Export? or Why is Legal Hold’s “Export Content” option grayed out?
-
Legal Hold Export was removed from the UI while we expand our eDiscovery features. You are still able to use Box's Content Manager to download content owned or accessible by users, use an e-discovery tool to place legal holds in Box and collect content, and use our open APIs to download content relevant to a legal hold. You can learn more about these options in our Exporting Content Under Legal Hold for eDiscovery community article.
-
If you require further assistance with the collection of content in Box relevant to a legal matter, please reach out to your Customer Success Manager as our consulting team can also assist. We value your input in shaping the future of Governance products and invite you to provide direct feedback to the Product team as we work towards expanding our eDiscovery capabilities.
Why is a report exported from the Admin Console returning blank columns and rows?
-
Typically, this suggests that no Box data matches the filters applied when running the report. If you did not user filters and/or believe that there should be data included in your report, please reach out to our Support team for assistance.
If my company restricts content creation, will I be able to run a report?
-
In order to run and receive reports, the Restrict Content Creation setting must be disabled. To provide some insight: this feature must be disabled because when a report is generated, the CSV file will be uploaded to the user's 'Box Reports' folder, which is a folder off of the user's root folder. If no 'Box Reports' folder exists, then reporting will attempt to create one using the user's credentials. Once created, reporting will attempt to upload the report-CSV file to that folder (i.e. create content). With that being said, if users can't have root folders (and thus root folders automatically created for them), they can't view the report they're pulled.
What report can we run to determine which of our users took a specific action in Box?
-
Our User Activity Report provides an overview of the actions your users have taken in Box. Please note, this report only shows completed events. Activities covered by this report, among many others, include:
-
Created user
-
Shared folder access
-
Downloaded content
-
Uploaded content
-
Trashed items
-
and many more
Why does the Admin Insights tile show a different number of Unmanaged Users compared to the User Details Report?
-
There’s a potential user count discrepancy between the Unmanaged Users tile and User Details Report for Unmanaged Users. This is due to a disparity between how the User Interface (UI) and how our reporting define an "Unmanaged User."
-
In the UI and Insights dashboard, an Unmanaged User is a user who is associated with an enterprise's domain and are collaborated on your Enterprise content.
-
In reporting, an Unmanaged User refers to an unpaid personal Box account using an email address linked to the enterprise's managed domain
Does Box have a report that lists our External Users and Collaborators, including information onto which content has been shared with these users?
-
The Collaborations Report serves to display user permissions on all collaborated content within a Box instance. This report provides specific information, including the owner's name and login, collaborator's name and login, collaboration ID, path to the file or folder, item name and type, collaborator type, permission granted to the collaborator, inviter email, dates related to collaboration invitations and expiration, among other data columns.
Can we export a list of all folders and content stored within our Box instance?
-
To track and manage their files and folders effectively within Box, you can run a Folders and Files Report, which provides detailed information about the content within your Box enterprise. This report allows users with Business Plus and higher accounts to filter the data by user, group, or folder and includes essential details such as owner name, item name, item type, size, creation date, last modified date, upload date, retention policies, legal hold policies, and more.
Does Box offer a report for our consumption of platform resources?
-
With the Platform Activity Report, users can monitor and analyze their organization's consumption of platform resources in order to:
-
Verify resource consumption
-
Understand how your organization is adopting and integrating Box into daily work
-
Determine the growth or success of applications built on the Box platform
-
Assess the overall value of your investment in Box
-
Track the number of Platform apps being built
-
Volume of API calls being made from your enterprise
Is it possible to run audit logs for activity of deleted user?
-
You can run User Activity Report with no filters applied, which will provide a report that includes the deleted user’s actions. However, if the report is too big to filter down in your spreadsheet viewing tools, you can work with our Box Support team to see if the user account is eligible to be restored. If they can be restored, when running a User Activity Report, you can apply a filter for this user for a more manageable report.
Is there a report of all the domains that have been whitelisted for our Box tenant?
-
Currently, Box does not offer an exportable list of all domains active on your allowlist. However, to see which domains have been added and removed from your allowlist, you can run a Security Logs report with the following filters:
-
Action Types: Content & Sharing
-
Added Domain to Collaboration Allowlist
-
Removed Domain from Collaboration Allowlist
On a Geographical Activity Report, why are IP addresses appearing from states outside of where our users are located?
-
When the Box And Microsoft Office Co Authoring is used in conjunction with Box Drive, it is expected that the geographic location would show as a Microsoft datacenter as all operations performed on a file using these integrations are done from the Microsoft side.
-
If you have any questions about suspicious IP addresses appearing on your reports, please reach out to our Support team for assistance.
Is there a report that tracks how users are logging into to Box?
-
Currently, our reporting system does not pull in details as to how users are logging in (i.e. via Box password or SSO credentials). However, in the past, some customers have been able to reach out to their Identity Providers, such as OKTA, to request login details.
-
Please submit your report as a feature request through our Box Pulse portal for consideration to be included as a new report in the Admin Console.