Cloud Email and Collaboration Protection pre-defines a separate Data Loss Prevention policy that enables the Box administrator to manage shared links to content stored in your organization's Box environment. This helps reduce the risk of undesirable access to your organization's sensitive data through accidental creation of shared links by users.
Note
In this release, Cloud Email and Collaboration Protection supports control over open shared links only. Open shared links are links that are set to be publicly accessible, with no Box account sign-in required.
This policy is independent of the other Data Loss Prevention policies for Box and cannot be prioritized.
New customers can use this policy right after granting Cloud Email and Collaboration Protection access to Box; existing users need to go to Administration > Service Account and recreate an access token for Box before they can enable this policy.
To allow creation of open shared links to any file or folder across your organization's Box environment, disable this policy. By default, this policy is disabled. When enabled, Cloud Email and Collaboration Protection monitors the creation of shared links to files and folders in your organization's Box user accounts, and upon detection, allows the creation or removes the link based on the action configured by the administrator in the policy.
This policy is designed to apply to all Box user accounts in your organization. Configure the policy to exclude certain user accounts and items (files and folders) from this policy, that is, to allow creating open shared links to specified files and folders under specified user accounts.
Before using this policy, be aware of the following limitations:
  • Cloud Email and Collaboration Protection does not monitor the creation of open shared links to files that reside right under the root path /All Files of a Box user account.
  • For the folders that reside right under the root path /All Files of a Box user account, Cloud Email and Collaboration Protection monitors the creation of open shared links to a maximum of 1,000 of them.
  • Cloud Email and Collaboration Protection does not handle the open shared links already created before this policy is configured and enabled.
  • Cloud Email and Collaboration Protection does not support manual scan for this policy.
  • This policy cannot be duplicated or deleted.

Procedure

  1. Under Box Policies, click Shared Links Control Policy.
    The Shared Links Control policy configuration screen appears.
  2. On the General tab, select Enable Shared Links Control.
  3. Specify or modify the policy name and description.
  4. Click the Shared Links Control tab.
  5. Configure Action settings.
    • Remove link: Cloud Email and Collaboration Protection removes the open shared link; the corresponding file or folder cannot be opened through this link.
    • Pass: Cloud Email and Collaboration Protection records the detection in a log and allows the open shared link to the file or folder.

    • Notify: Cloud Email and Collaboration Protection sends a notification email message to the administrator or user according to the Notification settings.
    • Do not notify: Cloud Email and Collaboration Protection only takes the configured action on the shared link and does not send out any notification email message.
  6. Configure Exceptions settings.
    Define user accounts and items (files or folders) to exclude from this policy.
    • Add an exception:
      A maximum of 100 entries is supported.
      a. Click Add.
        The Add Exception screen appears.
      b. Select users or groups to allow creating open shared links to items under these accounts.
      c. Specify the path to a file or folder under the selected user accounts for which creating an open shared link is allowed.
        Below are some instructions on how to specify a valid file or folder path:
        • Start with a slash /. Cloud Email and Collaboration Protection will automatically add the root path part /All Files. For example, to add a folder path, type /example1/example2; to add a file path, enter /example1/example2.txt.
        • Wildcard characters are not supported.
        • To specify all items, type /.
        • To specify all items under a folder, end with a slash, for example, /example1/. Cloud Email and Collaboration Protection will monitor every file or subfolder under folder example1.
        • To specify any item under a folder whose name starts with specified characters, type the characters, for example, /example1/exam. Cloud Email and Collaboration Protection will monitor every file and subfolder under folder example1 whose name starts with exam.
      d. Click the green add icon.
      e. Repeat steps c and d to add more file or folder paths.
        A maximum of 10 paths is supported.
      f. Click Save.
      To delete a path, click the red delete icon.
      To modify a path, click the red delete icon and specify a path again.
    • Edit an exception: Select an entry and click Edit.
    • Delete exceptions: Select one or multiple entries and click Delete.
  7. Configure Notification settings.
    • Notify administrator:
      1. Specify the administrators to notify by selecting a recipient group or specifying individual recipients. You can click Manage recipient groups to edit the members in a group or add more groups. For details, see Configuring recipient groups.
      2. Specify message details to notify administrators that Cloud Email and Collaboration Protection detected an open shared link creation and took action on the link.
    • Notify User:
      Specify message details that notify the user under whose account an open shared link was created that Cloud Email and Collaboration Protection detected the creation and took action on the shared link.
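
The exception path rules in step 6 behave like prefix matching, so a short path can exempt more items than intended. The following sketch is an added example, not product code: it assumes the rules reduce to a case-sensitive string-prefix test on the path below /All Files, and the function names, the `*`/`?` wildcard check and the sample items are hypothetical.

```python
ROOT = "/All Files"   # root path part the product prepends automatically
MAX_PATHS = 10        # documented maximum number of paths per exception


def validate_paths(paths):
    """Return a list of problems found in exception paths (empty = valid)."""
    problems = []
    if len(paths) > MAX_PATHS:
        problems.append(f"{len(paths)} paths given, maximum is {MAX_PATHS}")
    for p in paths:
        if not p.startswith("/"):
            problems.append(f"{p!r}: must start with a slash")
        elif p == ROOT or p.startswith(ROOT + "/"):
            # Assumed to be a mistake: the root part is added automatically.
            problems.append(f"{p!r}: omit {ROOT!r}")
        if "*" in p or "?" in p:
            # Assumption: these are the characters an admin would try as wildcards.
            problems.append(f"{p!r}: wildcard characters are not supported")
    return problems


def classify(item_path, kind, paths):
    """Classify one Box item (path below /All Files, kind 'file' or 'folder')."""
    if kind == "file" and item_path.count("/") == 1:
        return "not monitored"   # documented limitation: files directly under root
    # Assumption: an exception covers every item whose path starts with it.
    if any(item_path.startswith(p) for p in paths):
        return "exempt"          # open shared link may be created
    return "controlled"          # configured action (Remove link or Pass) applies


def preview(items, paths):
    """Map each (path, kind) item to its classification; reject invalid paths."""
    problems = validate_paths(paths)
    if problems:
        raise ValueError("; ".join(problems))
    return {path: classify(path, kind, paths) for path, kind in items}


# Constructed sample data, not taken from a real Box environment.
EXCEPTION_PATHS = ["/example1/exam", "/public/"]
SAMPLE_ITEMS = [
    ("/budget.xlsx", "file"),
    ("/example1/example2.txt", "file"),
    ("/example1/exams-2024/answers.pdf", "file"),
    ("/example1/report.docx", "file"),
    ("/public/press/kit.zip", "file"),
]

if __name__ == "__main__":
    for path, verdict in preview(SAMPLE_ITEMS, EXCEPTION_PATHS).items():
        print(f"{verdict:14} {path}")
```

The second and third sample items show why a bare name prefix such as /example1/exam deserves review before saving: it exempts every file and subfolder under example1 whose name begins with those characters.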