Provisioning a Service Account for Box

Provision a service account for Box to allow Cloud App Security to scan files, including Box Notes, stored in Box. Cloud App Security uses the service account to run advanced threat protection and data loss prevention scanning on files in Box.

The steps outlined below detail how to provision a service account for Box from Dashboard.


Do not provision service accounts for Box using the co-admin role because Cloud App Security needs to impersonate all users to take the "Quarantine" action but Box co-admins cannot impersonate any admin or co-admin role.

  1. Log on to the Cloud App Security management console.
  2. Hover over Box and click Provision.

    The Provision Service Account for Box screen appears.

  3. Click Click here.

    The Box logon screen appears.

  4. Specify your Box Admin credentials and click Authorize.

    The Box authorization screen appears.

  5. Click Grant access to Box.
  6. Go back to the Cloud App Security management console as instructed and click Done.

    Cloud App Security then synchronizes your Box user and group information, including the user ID, user name, user email address, group ID, and group name. The time required depends on how many users and groups you have in Box.

    Cloud App Security generates a quarantine folder (trendmicro_cas_quarantine__dont_change_or_delete) and a temporary folder (trendmicro_cas_temp__dont_change_or_delete) in the Box administrator's root directory. It also creates a group (trendmicro_cas_temp__dont_change_or_delete) for temporary folder management. The quarantine folder can be accessed only by the administrator, while the temporary folder can be edited only by users belonging to the group.

    When the storage space for the quarantine folder is full, Cloud App Security will send a notification email to the mailbox of the CLP or LMP account.


    Cloud App Security renames the files in the quarantine folder. Each file is prefixed with RANDOM_UUID, which is a unique string randomly generated by Cloud App Security. For example, some_file.doc will be renamed ecdd6cc3-58d4-42a4-831a-e39bcbc1c8d5_some_file.doc.

    The temporary folder stores quarantined files before they are moved to the quarantine folder and restored files before they are moved back to their original locations.

  7. Hover over the ring icon in the upper-right corner of the management console.

    If the message "Box protected." appears on the Notifications screen, the provisioning is successful.

    If for some reason the access token used by the service account becomes invalid, to continue using the service account, go to Administration > Service Account to create a new access token. For more information, see Service Account.

  8. Add the Cloud App Security application for all of your users.
    1. Visit
    2. Click Apps on the menu bar.
    3. In the Individual Application Controls section, search for the application named Cloud App Security.
    4. For the Cloud App Security application, select Enforce event notifications settings on all users and click Added by default.

    A user is protected only when the user has added Cloud App Security, and will not be protected once the user removes the application.

  9. Disable email notifications for the temporary folder (trendmicro_cas_temp__dont_change_or_delete) for all users.
    1. Click My Account on the top header bar.
    2. Find the temporary folder (trendmicro_cas_temp__dont_change_or_delete), click the menu icon on the right side, and select Settings.

      The Settings screen appears.

    3. Under Email and Notifications, click Override default settings for this folder and all subfolders and select Disable all email notifications for all collaborators.

      Users will no longer receive email notifications for the temporary folder.


      If you do not perform this step, all users will be notified every time the temporary folder changes.