Connectors · Box Private Preview

Box

Rencore monitors Box across 22 governance policies, 12 reports, and 11 inventories, detecting open shared links, external collaboration risks, and retention violations automatically.

Digital Workplace

Published 16 May 2026 For IT Admin, Head of IT, CISO

Box is in private preview. Join the waiting list and we will reach out when access opens up.

Join the waiting list

Rencore Box governance is a set of 22 policies, 12 reports, 11 segments, and 11 inventories that continuously audit Box for external sharing violations, retention policy gaps, and user lifecycle issues. It detects shared links open to anyone on the internet, folders with unrestricted external collaboration, expired shared links still active, and users deactivated in Entra ID who retain Box access.

61 governance capabilities: 11 inventories · 22 policies · 12 reports · 11 segments · 4 automations

Why govern Box with Rencore

Stop external oversharing

Detect shared links open to anyone, folders allowing external collaboration without restriction, and shared links missing password protection or expiration dates. Prioritize by content sensitivity and exposure level.
Enforce retention and legal holds

Find folders missing retention policies, files outside legal hold scope that should be preserved, and retention assignments that conflict with business requirements.
Manage user lifecycle

Identify Box users deactivated in Entra ID who still have active access, external collaborators without business justification, and app authorizations granted to unvetted third-party applications.
Track content and collaboration

Reports show sharing trends, most-accessed folders, collaboration patterns, and storage consumption. Segment users by department, role, and activity level.

What Rencore discovers

Rencore automatically inventories these Box object types.

Box Enterprise

Top-level Box enterprise; root container for users, groups, folders, files, retention, and legal holds.
Box User

Individual Box managed user account.
Box Admin Role Assignment

Admin or co-admin role assignment derived from the Box user role property.
Box Group

Box collaboration group used to grant folder access to a set of users.
Box Folder

A folder in Box, including the All Files root and shared folders.
Box File

An individual file stored in Box.
Box Shared Link

A shared link granting URL-based access to a Box file or folder.
Box App Authorization

A custom application authorized in the enterprise via the Custom Apps Manager.
Box Retention Policy

A retention policy specifying how long content is preserved before disposition.
Box Legal Hold

A legal hold policy preserving content for compliance, eDiscovery, or litigation.
Box Login Event

A login or failed-login event from the Box Events Stream (last 30 days).

How Box governance works in Rencore

Rencore connects to Box via the Box API and inventories folders, files, shared links, collaborations, users, groups, app authorizations, retention policies, and legal holds. It links Box users to M365 users by login email, enabling cross-platform identity governance. Policies run on every scan cycle and flag violations with severity and recommended actions.

The multi-platform content governance challenge

Organizations using Box alongside SharePoint and OneDrive face fragmented sharing controls. A file shared openly on Box is invisible to Microsoft Purview. Rencore brings Box content governance into the same dashboard as your M365 governance, applying consistent oversharing detection across both platforms.

Who uses Box governance

IT administrators use it to maintain clean sharing hygiene across Box instances. CISOs rely on external access policies to detect data exposure risks. Heads of IT use the reports to compare sharing patterns between Box and Microsoft 365 content platforms.

Getting started

Provide Rencore with Box API credentials (OAuth 2.0 or JWT). All 22 policies activate on first scan, covering files, folders, shared links, and users. Rencore automatically links Box users to Entra ID for cross-platform identity governance.

Policies

22 governance rules that detect violations and risks.

Severity Category

Shared link open to anyone

Detects Box shared links with access set to 'open' (any internet user).

High External Access
Folder allows external collaboration

Detects folders that have collaborations and are not restricted to the enterprise.

High External Access
Inactive user still owns content

Detects inactive users with non-zero storage used (still owning files).

High Security
Admin exempt from login verification

Detects admin or co-admin role holders that bypass 2FA enforcement.

High Security
Failed Box login event

Lists failed login events from the last 30 days. Use a segment to drill down by IP or user.

High Security
Open shared link with heavy downloads

Detects open shared links exceeding 50 downloads (potential data exfiltration signal).

High External Access
Admin with no recent login (>90d)

Detects Box admin or co-admin role holders that have not logged in within 90 days.

High Security
Open shared link without password

Detects open shared links that have no password protection.

Medium External Access
File owned by inactive user

Detects active files whose owner is an inactive Box user.

Medium Operation
Folder not covered by a retention policy

Detects folders that are not assigned to any retention policy.

Medium Operation
Inactive legal hold with active assignments

Detects legal hold policies that are not in active state but still have user assignments.

Medium Operation
Open shared link with download enabled

Detects open shared links where direct downloads are allowed.

Medium External Access
Box user without 2-step verification

Detects active Box users that have not enrolled in 2-step verification.

Medium Security
Stale app authorization (>180 days)

Detects custom app authorizations older than 180 days. Review whether the app is still in use and revoke if not.

Medium Security
Inactive Box user holding a licensed seat

Detects inactive Box users that still occupy a licensed managed-user seat.

Medium Costs
Open shared link without expiration

Detects open shared links that never expire.

Low External Access
Folder inactive for over a year

Detects folders whose content has not been modified in 365+ days.

Low Sprawl
File in trash awaiting purge

Lists files currently in the trash bucket but not yet purged.

Low Sprawl
Empty Box group

Detects collaboration groups with zero members.

Low Sprawl
Empty Box folder

Detects active folders containing zero items.

Low Sprawl
Oversized Box file (>1 GB)

Detects active files exceeding 1 GB in size.

Low Sprawl
Box user near storage quota (>90%)

Detects Box users whose storage usage exceeds 90% of their assigned quota.

Low Costs

Need a rule that isn't listed? Rencore's Policy Builder lets you create custom policies tailored to your organization. Learn more about the Policy Builder

Reports

12 analytics views and dashboards.

Open Box shared links over time

Count of new open shared links per month over the last 12 months.

Line Chart · External Access
Box failed logins per week

Count of failed-login events per week over the last 4 weeks.

Bar Chart · Security
Box files by parent folder (top 10)

Top 10 parent folders by file count.

Bar Chart · Uncategorized
Box users by role

Distribution of Box users across admin, co-admin and user roles.

Donut Chart · Operation
Box users by status

Distribution of Box users by account status (active, inactive, cannot delete externally managed).

Donut Chart · Operation
Top Box users by storage used

Top 10 active Box users ranked by storage consumed.

Bar Chart · Costs
Box files by extension

Top 10 file extensions by count of non-trashed files.

Bar Chart · Operation
Shared links by access level

Distribution of Box shared links by access level (open, company, collaborators).

Donut Chart · External Access
Top shared links by downloads

Top 10 Box shared links ranked by download count.

Bar Chart · Adoption
Apps with high-privilege scopes

Box app integrations that have been granted high-privilege API scopes.

Bar Chart · Security
Retention policies by status

Distribution of Box retention policies by active vs retired status.

Donut Chart · Operation
2FA adoption

Active Box users by two-factor authentication enrollment status.

Donut Chart · Security

Automations

4 automated remediation workflows.

Disable Open Shared Link

Removes the shared link from a Box item after approval.
Trash Inactive Folder

Moves an inactive Box folder to the trash after approval.
Revoke App Authorization

Revokes a custom Box app authorization after approval.
Roll off Inactive User

Marks a Box user inactive after approval.

Segments

11 data groupings for targeted filtering.

Open Box shared links

Box shared links with access set to 'open' (anyone with the link).
Folders with external collaborations

Box folders that have collaborations and are not restricted to the enterprise.
Inactive Box users

Users marked inactive in Box.
Co-admin Box users

Users with the co-admin role in Box.
Trashed Box files

Box files currently in the trash bucket.
Folders without retention policy

Box folders that are not covered by any retention policy.
Active legal holds

Box legal hold policies currently in active state.
Box users without 2-step verification

Active Box users that have not enrolled in 2-step verification.
Stale Box app authorizations (>180 days)

Custom apps authorized in the Box enterprise more than 180 days ago.
Large Box files (> 1 GB)

Active Box files exceeding 1 GB in size.
High-storage Box users (> 90%)

Box users whose storage usage exceeds 90% of their quota.

Frequently asked questions

What governance areas does Rencore cover?

Rencore covers six governance pillars: visibility and inventory across all Microsoft 365 services, ready-to-go policies with over 100 pre-built governance checks, compliance and audit evidence collection for regulatory requirements, extensibility and customization through custom policies and automations, cross-department collaboration with shared dashboards and role-based access, and AI and Copilot readiness to prepare tenants for secure AI adoption.

What is Rencore governance?

Rencore governance is a SaaS platform that continuously monitors your Microsoft 365 tenant for policy violations, configuration drift, and security risks across SharePoint, Teams, Power Platform, Copilot, and AI Agents. It automates compliance evidence collection, surfaces oversharing and sprawl, and provides actionable remediation workflows, reducing manual audit effort by up to 80%.

How do Rencore policies work?

Rencore ships with hundreds of pre-built policies that detect governance violations across every connector, oversharing, sprawl, cost overruns, security risks, and compliance gaps. Policies run on a continuous schedule, evaluate each discovered object against configurable rules, and flag violations with severity (High, Medium, Low), category, and a recommended action.

Trusted by