Provision a service account for Box to allow Cloud App Security to scan files, including Box Notes, stored in Box. Cloud App Security uses the service account to run advanced threat protection and data loss prevention scanning on files in Box.
The steps outlined below detail how to provision a service account for Box from Dashboard.
Do not provision service accounts for Box using the co-admin role because Cloud App Security needs to impersonate all users to take the "Quarantine" action but Box co-admins cannot impersonate any admin or co-admin role.
The Provision Service Account for Box screen appears.
The Box logon screen appears.
The Box authorization screen appears.
Cloud App Security then synchronizes your Box user and group information, including the user ID, user name, user email address, group ID, and group name. The time required depends on how many users and groups you have in Box.
Cloud App Security generates a quarantine folder (trendmicro_cas_quarantine__dont_change_or_delete) and a temporary folder (trendmicro_cas_temp__dont_change_or_delete) in the Box administrator's root directory. It also creates a group (trendmicro_cas_temp__dont_change_or_delete) for temporary folder management. The quarantine folder can be accessed only by the administrator, while the temporary folder can be edited only by users belonging to the group.
When the storage space for the quarantine folder is full, Cloud App Security will send a notification email to the mailbox of the CLP or LMP account.
Cloud App Security renames the files in the quarantine folder. Each file is prefixed with RANDOM_UUID, which is a unique string randomly generated by Cloud App Security. For example, some_file.doc will be renamed ecdd6cc3-58d4-42a4-831a-e39bcbc1c8d5_some_file.doc.
The temporary folder stores quarantined files before they are moved to the quarantine folder and restored files before they are moved back to their original locations.
If the message "Box protected." appears on the Notifications screen, the provisioning is successful.
If for some reason the access token used by the service account becomes invalid, to continue using the service account, go to Administration > Service Account to create a new access token. For more information, see Service Account.
A user is protected only when the user has added Cloud App Security, and will not be protected once the user removes the application.
The Settings screen appears.
Users will no longer receive email notifications for the temporary folder.
If you do not perform this step, all users will be notified every time the temporary folder changes.