Testing Shield in Trial Mode – Box Support

This article explains how to use the "Shield Trial Mode" feature, which enables you to test Shield's classification-based security controls in your production environment of Box during a trial, without impacting the Box experience for the majority of your managed users.

Getting started

When certain criteria are met, Box enables prospective Box Shield customers to test Shield capabilities through a 30-day trial (also known as proof of concept, or POC). If you're interested in deploying Shield on a trial basis, please contact your account team to request a Shield trial.

Step 1: Select users for the Shield trial

After Box enables your Shield trial, first determine the Box users in your organization who will test Shield's classification-based access controls. This may be a group of individuals in your IT or Security teams, or a small department or functional team in your organization. As a Shield admin, you can configure a list of users for the Shield trial. Only this group of users will be able to view, apply, or modify new classification labels created for the purposes of the trial. The rest of your managed users, will see no change to their Box experience.

To configure a list of users for Shield trial:

In the Admin Console's left pane, click Shield.
In the top of the Shield window, click Access Policies.
In the top-right corner, click Configure Trial Users. Box displays the Configure Trial Users window.
Select one of the following options:
- Disable for all managed users
- Enable for all managed users
- Enable for select users
- Enable for everyone except select users
  
  Note: Box recommends you select Enable for select users to limit the Shield Trial to a small group of users. Type Box users by name or email address. As you type, Box displays names of users you can select (see screenshot below).
In the bottom-right corner of the window, click Save.

Step 2: Create new classification label(s)

Next, create new classification label(s) ("trial classifications") for the purposes of your Shield trial. For instructions on how to create, modify, or delete classification labels, see our Managing Security Classification article. If you are already using Box classifications in your Box environment, you will still need to create new classification labels for the Shield trial purposes - for example, [TEST CONFIDENTIAL].

Step 3: Configure Shield Smart Access policies

You can now create Shield Smart Access policies for your new classification labels, which will be enforced for only the group of Shield trial users. Refer to our Using Smart Access article to create an access policy.

Step 4: Apply classifications and test access policy enforcement

You can now ask your Shield trial users to begin classifying files and folders using the new labels, and test out the access policy enforcement and restrictions. Shield trial users can apply trial classifications to files or folders that are owned by Shield trial users.

Note:

Box recommends your Shield trial users apply trial classifications only to previously unclassified files and folders. If a Shield trial user applies a trial classification to a previously classified file, non-Shield trial users will not see a classification on the file.
Shield trial users will not see the Classify option in the Preview mode of files that are not owned by a Shield trial user. The only exception is in the All files page, where all users will see the Classify option, but a non-trial user will not be able to classify any file. Only users who you enabled for Shield trial will be able to apply a classification label or edit the classification label for a file they own.

Ending the Shield trial

At the end of your 30-day trial, Shield will be disabled from your production environment. All trial classification labels created during the 30-day trial will be permanently deleted, and all files and folders that had a trial classification will become unclassified. All other trial data, i.e., access policies, detection rules, alerts, will also be permanently deleted.