How to prevent browser access from personal devices?
Hi,
How can we prevent managed users to login to Box.com web application from the browser on their personal devices? Device Pinning seems to apply only to Box Sync Client, but wouldn't prevent a user from login in from their personal computer and download corporate files.
If that's not possible, what are the other mitigation techniques we can implement?
-
Hi JL,
Welcome to the Box Community!
I understand that you would like to prevent your managed users from logging into Box applications using their personal devices, and yes, there are additional security controls you can implement to achieve this:
- Device Pinning (only impacts browser, mobile, and Box Sync end points)- This limits the number of devices a user can be logged into any given end point. Please see this article on how to manage Device Pinning for your users: https://support.box.com/hc/en-us/articles/360043693814-Device-Pinning-Settings
- Device trust (impacts all Box end points) - This requires certain security or certificate checks on the user's device to allow Box access. Device Trust allows you to meet your enterprise's compliance or security standards by setting a minimum set of requirements for devices that are used to access Box. While Device Trust is enabled, anyone using a device that fails to meet these set requirements will not be able to log in to their Box account and this might be closer what your company need. Check out this article on how to setup device trust for your Enterprise: https://support.box.com/hc/en-us/articles/360044194993-Setting-Up-Device-Trust-Security-Requirements
Thanks for reaching out and please let us know should you have any questions and we'll do our best to help!
Regards,
-
Hi JL,
There is currently no way to set up Device Pinning or Device Trust for specific group(s) as these security settings are company-wide. Also, only individual users can be exempted, should you need to on Device Pinning and not groups.
If this is something you would like to be able to do, I would highly recommend submitting this feature request at pulse.box.com! Our product managers review these requests and take them into consideration for future product development.
Best,
Post is closed for comments.
Comments
3 comments