Product Guides are now only available at docs.box.com. Check out all the details on what's changed.

Box Status
Print

Known Issue: Co-Authoring and Box Shield Suspicious Location Policy

Known Issue , Box Shield , Co-Authoring , Suspicious Location Policy

Issue

When trying to use Box for Microsoft Office Co-Authoring, you may see the error:

  • “Sorry, we could not sign you into Box. Please try again later.”

You may also see related errors when opening co-authorable files:

  • “We can't open 'File.docx' as it is not supported.”
  • “Sorry, we couldn’t open 'https://api.box.com/wopi/files/.../File.docx’.”

 

Cause

Microsoft has confirmed it does not provide geo-specific processing for CSPP or CSPP Plus, and cannot guarantee where co-authoring service requests are processed except for FedRAMP-specific scenarios. As a result, Box Shield’s Suspicious Location IP check can sometimes block Microsoft Co-Authoring server IPs and cause the sign-in/open failures above.

 

Workaround / Recommended Action

Box recommends that Box Admins exclude Microsoft Co-Authoring server IPs from the Box Shield Suspicious Location IP check.

Microsoft  URLs and IP address ranges can be found at https://learn.microsoft.com/en-us/microsoft-365/enterprise/urls-and-ip-address-ranges?view=o365-worldwide.

 

Steps:

  1. Identify your organization’s Microsoft Co-Authoring server IP addresses (consult Microsoft or your tenant/network team if needed).
  2. In the Box Admin Console, click into Shield then the Detection Rules tab.
  3. In Suspicious Location, click Enable or select Add Rule if already enabled.
  4. Scroll to the Filter Criteria section:
  5. Add the identified Microsoft Co-Authoring server IPs to the exclusion list.
  6. Save changes and test co-authoring access.

 

 

Notes and cautions

Excluding IPs from Suspicious Location reduces the likelihood of false positives but may slightly lower location-based protections. Balance this change with your organization’s security requirements.

If your organization requires strict geo-restrictions (for example, non-FedRAMP scenarios), consult your security team before applying exclusions.

If you are a FedRAMP customer, Microsoft may provide different processing guarantees; contact Box support for details.

 

If problems persist

  • Confirm the exact error message and time of occurrence.
  • Verify the IPs you excluded match the sources in your Box Shield logs.
  • Contact Box Support with logs and the affected user(s) information for further assistance.

Related articles