Provision a service account for Box to allow Cloud App Security to scan files, including Box Notes,
stored in Box. Cloud App Security uses the service
account to run advanced threat protection and data loss prevention scanning on files
in Box.
The steps outlined below detail how to provision a service account for Box from
Dashboard.
Note:
Do not provision service accounts for Box using the co-admin role because Cloud App Security needs to impersonate all users to
take the "Quarantine" action but Box co-admins cannot impersonate any admin or
co-admin role.
-
Log on to the Cloud App Security management
console.
-
Hover over Box and click
Provision.
The Provision Service Account for Box screen
appears.
-
Click Click here.
The Box logon screen appears.
-
Specify your Box Admin credentials and click
Authorize.
The Box authorization screen appears.
-
Click Grant access to Box.
-
Go back to the Cloud App Security management console
as instructed and click Done.
Cloud App Security then synchronizes your Box user
and group information, including the user ID, user name, user email address,
group ID, and group name. The time required depends on how many users and
groups you have in Box.
Cloud App Security generates a quarantine folder
(trendmicro_cas_quarantine__dont_change_or_delete)
and a temporary folder
(trendmicro_cas_temp__dont_change_or_delete) in the
Box administrator's root directory. It also creates a group
(trendmicro_cas_temp__dont_change_or_delete) for
temporary folder management. The quarantine folder can be accessed only by
the administrator, while the temporary folder can be edited only by users
belonging to the group.
When the storage space for the quarantine folder is full, Cloud App Security will send a notification email
to the mailbox of the CLP or LMP account.
Note:
Cloud App Security renames the files in the
quarantine folder. Each file is prefixed with
RANDOM_UUID, which is a unique string randomly
generated by Cloud App Security. For example,
some_file.doc will be renamed
ecdd6cc3-58d4-42a4-831a-e39bcbc1c8d5_some_file.doc.
The temporary folder stores quarantined files before they are moved to
the quarantine folder and restored files before they are moved back to
their original locations.
-
Hover over the notification icon in the upper-right corner of the management
console.
If the message "Box protected." appears on the
Notifications screen, the provisioning is
successful.
If for some reason the access token used by the service account becomes
invalid, to continue using the service account, go to to create a new access token. For more information, see Service Account.
-
Add the Cloud App Security application for all of
your users.
-
Visit https://app.box.com/master/settings.
-
Click Apps on the menu bar.
-
In the Individual Application Controls section,
search for the application named Cloud App Security.
-
For the Cloud App Security application,
select Enforce event notifications settings on all
users and click Added by
default.
A user is protected only when the user has added Cloud App Security, and will not be protected
once the user removes the application.
-
Disable email notifications for the temporary folder
(trendmicro_cas_temp__dont_change_or_delete) for all
users.
-
Click My Account on the top header bar.
-
Find the temporary folder
(trendmicro_cas_temp__dont_change_or_delete),
click the menu icon on the right side, and select
Settings.
The Settings screen appears.
-
Under Email and Notifications, click
Override default settings for this folder and all
subfolders and select Disable all email
notifications for all collaborators.
Users will no longer receive email notifications for the temporary
folder.
Note:
If you do not perform this step, all users will be notified every
time the temporary folder changes.
If for some reason the access token becomes invalid, a notification appears on
Dashboard. Cloud App Security
also sends an email message to notify the administrator of this event. To continue
using the service account, go to to create a new access token. For more information, see Service Account.
