Announcing the General Availability of the new File Request experience!

Announcing the General Availability of the new File Request experience!

Businesses are rapidly adapting to enable remote work for their employees, partners and customers in light of the coronavirus outbreak. Our customers are putting new programs and initiatives in place, many of which require the ability to collect documents containing sensitive information from entities outside their organization. In order to enable our customers to do this easily, securely and at scale, we are excited to announce that we are significantly accelerating the delivery of the new File Request experience. The new File Request will now be generally available in early May 2020.
 
To ensure we can deliver this production-ready capability two months earlier than originally scheduled, we are forgoing the File Request Public Beta program originally scheduled for April 15. We apologize for any inconvenience this may cause. Please reach out to your account team if you need urgent access to the new capability.
 
Here's what you can expect from the new capability. The File Request experience on Box is getting even better - with the ability to build a structured content-intake form to request files and collect metadata directly in Box. The enhanced File Request experience will enable users to quickly, seamlessly and securely request files and metadata from anyone, even those without a Box account. 
 
With the upcoming enhancements, Box users can: 
  • Build a structured intake form with one or more upload zones
  • Solicit additional information with metadata form fields, which can be set as required/optional
  • Enable extra security and tracking with link settings
This powers use cases in departments across the organization such as:
  • Procurement teams sourcing invoices from external vendors/contractors for approval
  • HR teams requesting information (I-9 form etc.) from new hires prior to their first day
    ...and many more! Learn more about the new File Request experience here.
Important note on default settings
In the new File Request experience, by default, users who have editor permissions or above on folders will be able to create File Requests. Admins can manage these permissions via the Admin Console. Please refer to the Administering Box File Request community article for more details.
 
We will continue to share GA updates on this page. Stay tuned! 
29 Comments
Box Employee
Status changed to: Coming Soon
 
Contributor

Hi vgorur,

 

Can you please confirm if this allows anonymous uploads?  If so, we will need to disable this as soon as it's released unfortunately.  We only allow registered external users to be able to upload.

 

Thanks!

Box Employee

@user1000 yes it will allow anonymous uploads but you can always disable the feature via the Admin Console

Visitor

Hi

 

are you planning also to improve the outlook plugin with the requestfile like in sharefile or egnyte would be very practical

 

thanks

 

New Contributor

I would prefer if this was disabled by default rather than enabled by default as almost all of our users are editors. 

New Contributor

@vgorur, feedback for Box: Please turn this feature OFF by default.

 

Turning this on by default is pretty reckless, especially since Box is foregoing a public beta. This feature has numerous security and privacy risks that each enterprise will need to assess for themselves.

 

Even the example scenarios identify business processes with high security and privacy risks: anonymous upload of invoices to approve, or HR personal information? No thank you.

 

From the FAQ: the feature bypasses existing controls and sharing settings, has no malware scanning, and no admin reporting to determine how this feature is being used.

 

As it stands, I don't even have the option to turn this off ahead of time. I don't see the new admin options yet.

 

Early adopters could turn this on when they're ready to accept the risks. Turn it off by default for the rest of us, please.

Regular Visitor

Will the new experience show a progress bar for the uploader? The current experience I've tested doesn't show the user any progress and that's not a great experience for requesting a large volume of files, i.e. from a photographer.

Contributor

@prw_pauldowling I agree 100%, we just spent a lot of time last year getting rid of the anonymous public Share Links and now this gets enabled by default allowing anonymous public uploads.

Occasional Contributor

During the private beta phase, we have been testing the upcoming File Request Form functionality. It's difficult to recall our first look at the beta Admin Console controls, but I believe the new File Request Form feature was enabled by default (as noted in other comments). We have since observed that the "Disable for all managed users" selection does not disable the older (existing) File Request link and Upload Embed Widget functionality that was launched about a year ago. Therefore, I can see an issue with not having the controls to disable anonymous file uploading (by any method) company-wide. This could be an issue for GxP compliance in some contexts.

We have determined that the beta Admin Console control does successfully disable the newer File Request Form ability. What can make this whole topic somewhat confusing is the similarity between the existing and upcoming dialog boxes that both allow file requests. I agree that both features (older and upcoming) require the ability for the Admin to disable them company-wide and should be off by default.

@jlyle 

Box Employee
@Jenn_ifer @prw_pauldowling @user1000 @rcorvino 
Thanks for sharing your concern about the default setting on the new File Request. We agree that enterprises need to decide for themselves how widely they enable the feature. To that end, we are providing fine-grained admin controls to:
  1. configure which users have access to the feature (including disabling it easily for the entire enterprise), and
  2. configure whether to include editors, or limit access only to folder owners and co-owners.

We've kept the permissions consistent with Editor permissions in Box which provide full read/write access to content in the folder.

 
We are also being proactive about informing our customers about this capability being on by default, and how to disable it if they choose to. Please note that no company content is shared out. Users would need to intentionally send out the link to request files, and they can disable the link after a desired timeframe.
 
Thanks again for taking the time to share your feedback. We very much appreciate it!
Contributor
vgour -- unfortunately, "We are also being proactive about informing our customers about this capability being on by default" is like saying "Go on, when I leave your house I'll just leave the door open and unlocked, but it's ok -- I told you I was going to do it." Off by default hurts no one and is a much more secure option.

Contributor

Are you also improving the structure of the upload links? Right now they are horrendously long and ugly. Please create a cleaner looking link.

Occasional Contributor

@vgorur 

Vgorur, it appears that you missed one of the points I was making above (see quote below). So, to repeat, in beta testing, we observed that you cannot disable the older File Request method (i.e., embedded widgets), only the newer functionality. This is an issue that should be tested and fixed by Box.

 

"We have since observed that the "Disable for all managed users" selection does not disable the older (existing) File Request link and Upload Embed Widget functionality that was launched about a year ago. Therefore, I can see an issue with not having the controls to disable anonymous file uploading (by any method) company-wide."

Box Employee

@rcorvino
Thanks for the note. Yes, your observation is indeed correct. That was intentional for Beta. Once we GA, turning it off will disable the new as well as the older functionality. Hope that helps. Thanks!

Box Employee

@acivory 

We heard you! Yes, we'll be generating a shorter and cleaner link. Look out for it! Thanks! 

Box Employee

@dseward yes there will be a progress bar and we'll show upload progress for each file in the submission - thanks!

New Contributor

@vgorur, @ravneet : will Box be releasing the admin functions ahead of the actual feature GA, so that we can configure this before it gets rolled out to everyone?

Contributor

@prw_pauldowling 

 

Excellent point!   I was trying to figure out how I was going to disable this feature "as" the cat is let out of the bag.  Our corporate security policy does "not" allow any anonymous access of any kind (even upload of content that might be infected). Combine that upload folder with Box Drive residing internally on all our corporate laptops and you have a very efficient way to deliver a virus right to everyone's desktop computer.  We really don't appreciate these kind of features being rolled out in an enabled state.  We need to be able to allow or not allow this kind of anonymous access.  I'm really hoping Box is listening to it's users.  We need to abide by our corporate policies.  Box is making this difficult.  

 

Thanks! 

Box Employee

Hi @user1000 and @prw_pauldowling: Absolutely, we hear your feedback and appreciate it. 

 

Admin controls will release in conjunction with the feature, and I can contact you when we release. Please be assured that if you have virus scanning on Box it will take effect on files uploaded through File Request, and uploads will only take place in the designated folder where an employee shares a link to request files. No company content can be shared externally. I hope you find the granularity of control in the Admin Console useful for this iteration of the feature. Many thanks again for your feedback.

Box Employee

Hi @user1000 @prw_pauldowling @rcorvino @acivory @Jenn_ifer @Ikiphonix @dseward @grm1 

 

Thank you all for your interest in this capability! We appreciated your comments and feedback.

The new File Request experience will be releasing today at close of business between 3 and 5 PM Pacific Time, in order to minimize disruption.

Once released, we'll be updating this post. 

 

Thanks again!

Box Certified Professional
How does the admin discover where File Request is in use within the enterprise? In short, how can the various intake points be identified once they're created? Is there a report for this?


Contributor

Hi @ravneet,

 

Our policy does allow "registered" users that have been added as collaborators.  Why not release this with an optional "Allow anonymous" setting disabled.  Is this an option?

 

Thanks!

Box Employee
Status changed to: Launched
 
Box Employee

@user1000, we are exploring enhancements with that in mind

 

@royal yes, we are releasing admin reports in Q2 to enable that visibility

New Contributor

@vgorur Thanks for this upgrade. This is a very useful feature. The ability to attach metadata is particularly helpful. 

Box Employee

@emiller68 Thanks for taking the time to share your feedback! Appreciate it!

Contributor

Is the possibility of including org branding on this new request being considered?  Perhaps a space for a logo or background image?

New Contributor

@vgorur is there a way to add a Recaptcha layer to the File Request experience prior to users accessing the request form and uploader?

Box Employee

Hi @weigh2tall yes, the ability to add your enterprise logo is being considered on the roadmap. Thanks!

 

Hi @emiller68 the recaptcha layer has not been considered but you could embed the File Request on your own webpage (click </> and copy the iFrame) and thus add a layer to your own webpage if that helps! Thanks!