Account monitor | Proton for Business support

Account monitor gives Proton for Business organizations visibility over sign-in attempts and other account management events. Users can view events for their own account, and administrators can view events for their whole organization to track suspicious behavior like unauthorized access attempts or credential misuse.

Account monitor is available with Proton Business Suite and all Proton for Business plans at the Professional tier.

• How account monitor works
• How to use account monitor
  • Enable or disable account monitor (administrators)
  • View account monitor events (administrators and users)
  • Search, filter, and export events (administrators)
  • Manage detailed events (administrators)
• Why use account monitor?

How account monitor works

Account monitor shows activity related to authentication and account management. This helps Proton for Business organizations spot unusual behavior and potential security issues.

Events include:

• Successful authentication (sign in and sign out)
• Failed authentication
• Authentication attempts using 2FA (two-factor authentication) or SSO (single sign-on)
• Account management actions (like password changes)

For each event, you’ll see what happened, when it happened, and which account was affected. You can also choose to collect additional event data (the user’s device name and app version, their (nova janela)IP(nova janela) address and ISP(nova janela), and their approximate location).

Account monitor is one of Proton for Business’ activity monitoring(nova janela) tools. You can see all monitoring tools available for your account in the activity monitor dashboard.

Visibility, access, and security

When account monitor is enabled, everyone in your organization can view events related to their own account.

Only administrators can:

• Enable and disable the feature
• View events for other accounts in their organization
• Search, filter, and export events

When account monitor is turned off, no event data is collected.

How to use account monitor

Enable and disable account monitor

1. Sign in to account.proton.me using your administrator account.
2. Select Settings → All settings.

3. Select Activity monitor from the sidebar, then enable the Account monitor toggle.

All done. Event data is now being collected.

To disable account monitor, simply toggle Account monitor off.

View account monitor events

Users (non-admins)

1. Sign in to account.proton.me. You may be asked to select a Proton service. Select any service to continue.
2. Select Settings → All settings.

3. In the sidebar, select Security and Privacy (under Account).

Scroll to Activity monitor.

You can now view the list of events for your account.

Administrators

1. Sign in to account.proton.me using your administrator account. You may be asked to select a Proton service. Select any service to continue.
2. Select Settings → All settings.

3. Select Activity monitor from the sidebar.

You can now view the list of events for everyone in your organization.

Search, filter, and export events

• Search for a specific event: Use the search bar under the Account monitor toggle. You can search by name, email address, domain, event name, or event details.
• Filter by date range: Fill in the From and To fields next to the search bar. Then click Search.
• Export events: Click Export to download your events as a CSV file. You can export up to 10,000 events at once. If your organization has more than 10,000 events, use filters to narrow down your search before exporting.

Show or hide device, location, and IP details

To collect and show these details for each event, toggle Include device, location, and IP details to On.

To stop collecting and showing these details, toggle Include device, location, and IP details to Off.

Why use account monitor?

Account monitor gives IT and security teams visibility into how Proton for Business accounts are being accessed. This allows organizations to:

• Meet compliance requirements: By keeping an audit trail of important actions.
• Enforce access policies: Admins can detect suspicious behavior like unauthorized access attempts or credential misuse.
• Identify threats: Organizations can proactively identify security blind spots that could expose them to cyber threats.
• Analyze incidents: If an incident happens, admins can audit historical information to identify weaknesses and threats.