This article explains how Sensitive App Prolonged Activity works in Swif, including:
How admins configure which apps/domains to monitor
How the browser extension detects and reports prolonged usage
How admins view and investigate prolonged activity events
It’s written for Swif admins and security/IT teams.
Relevant background articles:
How Swif’s browser extension works with the MDM agent:
How Swif’s Browser Extension Works With the MDM Agent | Help Center | Swif.aiBrowser extension security and privacy in Swif:
Browser Extension Security and Privacy in Swif | Help Center | Swif.ai
1. What is “Sensitive App Prolonged Activity”?
Sensitive App Prolonged Activity tracks when employees spend extended time on apps or websites you define as sensitive (for example: CRM exports, payment processors, HR systems, data rooms).
At a high level:
You configure Sensitive App Monitoring rules with:
Which user groups the rule applies to
Which domains are considered “sensitive” for that rule
Swif’s browser extension monitors activity on those domains on managed devices
When a user stays on a sensitive domain long enough (per policy), the extension reports a prolonged activity session to Swif
The Shadow IT / Sensitive App Monitoring insights dashboard shows:
Total prolonged activity detections
Top devices with the most prolonged activity
Per-device, per-rule breakdown (domains, session counts, duration, last activity)
This is silent to end users: they continue working normally; admins get visibility in dashboards.
Note: Sensitive App tracking relies on the Swif MDM agent for device context. On non‑MDM devices, this feature is inactive by design. See
How Swif’s Browser Extension Works With the MDM Agent | Help Center | Swif.ai
2. How Sensitive App Monitoring Rules Work (Admin Settings)
Admins manage Sensitive App Monitoring at the team level in Swif.
2.1. Where to configure rules
In the Swif web app, go to:
Settings → Teams → Sensitive App Monitoring
Select the team you want to configure.
You’ll see a list of existing Sensitive App Monitoring rules for that team.
Each rule represents “for these user groups, treat these domains as sensitive.”
The list shows for each rule:
Rule name
Target user groups
Status (Active / Disabled)
Domains Monitored (a numeric count, with a tooltip if there are many domains)
2.2. Creating a new Sensitive App Monitoring rule
On Settings → Teams → Sensitive App Monitoring:
Click Add rule.
Fill in:
Rule name – a clear label like “Finance Exports – Global” or “HR Payroll Systems”.
User groups – which groups this rule applies to (for example: “Finance team”, “HR”, “All employees”).
Choose how to define domains:
Option A – Enter domains manually
Use this when you have a small, curated list:
Add one or more domains, such as:
secure.crm.example.compayroll.company.combilling.vendor.com
The UI prevents obvious formatting issues (no protocol like
https://, no spaces, valid domain pattern).Duplicate domains (case-insensitive) are de‑duplicated before saving.
Option B – Upload a domain list
Use this when you have a larger list from a CSV or TXT file:
Switch to Upload Domain List.
Upload a CSV or TXT file containing domains:
Supports simple CSV with comma‑separated values
Supports TXT files with one domain per line
The backend:
Parses the file
Normalizes domains
Counts valid domains
Returns any invalid entries (which are reported back in the UI, for example “5 lines skipped due to invalid domains”).
After creating the rule:
The rule appears in the list with:
Correct Domains Monitored count
Assigned user groups
Active status
2.3. Editing or deleting rules
Edit a rule to:
Rename it
Change user groups
Add/remove domains
Switch between manual domains vs uploaded list (the UI remembers which method is currently in use for that rule)
Disable or delete a rule to stop monitoring for its domains and user groups:
You’ll see a confirmation dialog
After confirmation, the list refreshes and the rule disappears or changes state
2.4. Permissions
Only admins (or users with appropriate team settings permissions) can:
Create rules
Edit rules
Delete/disable rules
Read‑only users can see existing rules (if allowed) but can’t change them.
3. How the Browser Extension Tracks Prolonged Activity
Once rules exist, the browser extension is responsible for detecting and reporting prolonged activity.
For general background on the extension’s behavior and privacy, see:
3.1. When tracking is active
Sensitive App Prolonged Activity tracking:
Runs on devices enrolled in Swif MDM, where:
The MDM agent provides device identity and the assigned employee
The extension can attribute activity to a specific device and team
Is silent to users:
There are no banners, prompts, or popups for this specific feature
Users simply browse normally; admins see analytics in the Swif console
Uses the Sensitive App Monitoring rules as the only source of truth:
If a domain is not covered by an active rule, it is not treated as “sensitive” for this feature
If rules fail to load, the extension skips tracking rather than tracking unknown domains
On non‑MDM devices, Sensitive App tracking is not active, even if the extension is installed.
3.2. How domains are matched
For each browser tab/window:
The extension obtains the current URL’s domain.
It checks this domain against the active Sensitive App Monitoring rules configured for that device’s team:
If the domain matches at least one active rule for the device’s assigned user group(s), the domain is considered sensitive.
Otherwise, the extension does not track prolonged activity for that tab.
Rule updates (enable/disable, adding/removing domains) are picked up without requiring users to reinstall the extension; the extension periodically refreshes or updates rules from the backend.
3.3. What counts as a “session”
The feature tracks sessions of prolonged activity. A session is scoped to:
Device + Domain + Browser tab
A session:
Starts when:
A tab with a tracked sensitive domain becomes active (first load or when switching back to the tab).
Ends when:
The tab is closed
The tab navigates away to a non‑tracked domain
The browser window is closed
A defined idle or inactivity timeout is hit (for example, if the user leaves the page idle but the tab technically remains open), based on backend API semantics.
The extension ensures:
No overlapping sessions for the same tab + domain
Each session has:
deviceId(extension’s device identifier)teamIdruleId(which Sensitive App Monitoring rule matched)domain(subject to privacy constraints)sessionStartTimeandsessionEndTime(UTC)
3.4. How often events are reported
Once a session is considered prolonged (for example, the user has stayed on the sensitive domain for a defined threshold such as 10+ seconds):
The extension closes the session with a
sessionEndTime.It reports the session to Swif’s backend using a dedicated Sensitive App Prolonged Activity API.
The payload includes at minimum:
teamIddeviceIdruleIddomain(if allowed by your privacy settings)sessionStartTimesessionEndTimeDerived values (e.g. total duration)
The extension follows the same network and retry behavior as other browser extension features:
Temporary network or server issues:
Do not block the user’s browsing
Events may be retried or dropped per design
If rules or configuration cannot be loaded, the extension fails safe and does not track unknown domains.
3.5. Multiple tabs, windows, and focus
The tracking logic is designed to handle realistic browsing patterns:
Multiple tabs of the same sensitive domain:
Each active tab can generate its own session.
Multiple different sensitive domains:
Sessions are tracked separately per (device, domain, tab).
Background vs foreground tabs:
Time counting behavior follows existing Sensitive App monitoring semantics (for example, counting only while a tab is active vs allowing some background accumulation; this is enforced consistently by the backend contract).
Rapid switching:
The extension ensures start/end pairs are well-formed, so you avoid double‑counting or dropping large chunks of time in normal usage.
3.6. Privacy and PII
Sensitive App Prolonged Activity respects Swif’s broader browser extension privacy model: Browser Extension Security and Privacy in Swif | Help Center | Swif.ai
Specifically:
The feature does not collect:
Passwords or authentication credentials
Cookies or session tokens
Full page content or screenshots
Full browsing history
It uses minimal data, scoped to:
Page metadata (domain, rule ID)
Session timing (start/end timestamps, derived duration)
Device and team identifiers
Personal data:
Events do not include user emails or full names in the browser payload.
Mapping from device to user (and user details) is handled on the backend using MDM context, where access is controlled by admin permissions.
Data storage and exposure:
Sensitive app events are available to admins via dashboards and reports.
Access is governed by your existing roles/permissions in Swif.
4. Where to View Sensitive App Prolonged Activity Events
Once rules are configured and the extension is tracking, admins can see results in the Shadow IT / Sensitive App Monitoring insights area.
4.1. Insight dashboard widgets
On the Shadow IT → Sensitive App Monitoring dashboard, you’ll see:
1) “Sensitive App Prolonged Activity” summary widget
Shows the total number of prolonged activity detections in the selected timeframe.
Respects filters:
Timeframe (for example: last 7 days, last 30 days, custom range)
Team
Device groups and rule filters (where applicable)
Includes standard states:
Loading
Empty (no detections)
Error (if the backend is temporarily unavailable)
2) “Top Devices with Sensitive App Prolonged Activity” widget
A table-style widget that lists devices with the highest total prolonged time on sensitive apps. For each device, you’ll typically see:
Device name and status
Assigned user (as available from MDM)
Device group (if used in your environment)
Total prolonged time across all sensitive app sessions in the timeframe (e.g.
1h 23m)Session count
Last activity time
This widget also honors the same filters and timeframe settings as the rest of the dashboard.
4.2. Detailed report for a single device
To dig deeper into a specific device’s behavior:
On the Top Devices with Sensitive App Prolonged Activity widget, click a device row.
This opens a detailed report for:
That device
A specific Sensitive App Monitoring rule
The current timeframe and filters
The detailed report shows:
Device context:
Device name and status
Assigned user
Device group and any other key metadata
Rule context:
Rule name
A label such as “X monitored domains”
A tooltip that lists all monitored domains tied to that rule (pulled from the backend)
Summary metrics:
Timeframe
Total prolonged time on sensitive apps (for this rule and device in the selected timeframe)
Domain count
Domain breakdown table:
For each domain:
Domain name (e.g.
secure.crm.example.com)Total prolonged time
Session count
Last activity time
Supports pagination and sorting (for example, sorted by prolonged time descending by default)
You can use Previous / Next controls to navigate between devices in the same list without closing the modal. These controls are automatically disabled on the first/last device.
4.3. Permissions, access, and errors
Access to Sensitive App Prolonged Activity data follows your existing Shadow IT / Sensitive App Monitoring permissions:
If a user doesn’t have access to these insights:
The widgets or pages may be hidden, or
They’ll see a standard “no access” message
If an API error occurs:
Affected widgets or sections show a non‑blocking error message (for example, “Unable to load data”), while the rest of the page remains usable.
5. Best Practices for Using Sensitive App Prolonged Activity
1. Start with a narrow, high‑risk domain set
Begin by monitoring your most sensitive applications:
CRM exports
Finance/payments
HR and payroll
Data rooms and internal tools exposing large datasets
Use domain list upload for large curated sets (for example, vendor domains from a risk register).
2. Align rules with user groups
Create rules that map cleanly to how your organization works:
Finance-specific rules for finance groups
HR rules for HR groups
Broad “enterprise-wide” rules only where necessary
3. Use the dashboard to iterate
Watch the Top Devices and detailed reports:
Validate that the domains and durations match your expectations.
Investigate outliers (unexpectedly long activity on a sensitive app).
Adjust rules (add/remove domains, change groups) based on what you learn.
4. Combine with other browser extension controls
Sensitive App Prolonged Activity is often used alongside:
Upload restrictions
Ensure your overall policy and communication strategy to employees is consistent across features.