In early 2021, Box added support for time-based one-time passwords (TOTP) as a second factor for authentication. Currently, end users can choose whether they want SMS or TOTP as their second factor. Admins need more control and with this update, given the stronger security provided by TOTP, admins will be able to designate TOTP a requirement for their managed users.
You can find more information here.