Managed Security Awareness FAQ

These are FAQs about the Arctic Wolf® Managed Security Awareness (MA) program and dashboard. For MA Portal use instructions, see Managed Security Awareness Dashboard User Guide.

General FAQs

These are general FAQs about the MA program.

Q: Does MA support co-branding?

A: No, the MA program does not support co-branded emails or quizzes.

Q: Can I easily track compliance training?

A: Yes. The MA Portal includes a dedicated Compliance page for CCP customers to manage compliance training courses separately from managed awareness sessions. The page allows you to view and download compliance information, and track users that have incomplete compliance training.

See Compliance in the Managed Security Awareness Dashboard User Guide for more information.

Q: Does Arctic Wolf have recommendations for organizations that want more training?

A: We recommend that you follow the suggested frequency for MA sessions and phishing simulations. The session schedule is designed to have small, regular training sessions for employees and keep the content fresh in their memory as they perform their daily tasks.

Individuals or groups may be assigned more content, such as a course, with additional licensing. See Content Library in the Managed Security Awareness Dashboard User Guide for more information.

Q: Can I import data from my current or previous security awareness system?

A: No, MA does not support importing data from other security awareness systems.

Q: Can I integrate MA with my existing learning management system?

A: No, there is no direct integration support for third-party learning management systems (LMS). You can export a comprehensive CSV of all activity for review or for compliance requirements.

Q: Can I export MA sessions for viewing in my own learning management system?

A: No, you cannot download or export MA sessions to view in another platform.

Q: How quickly is new content created for newsworthy or world events?

A: For appropriate topics, we release content within 2-3 days.

Q: Is there any physical media, such as posters, to supplement the sessions?

A: Occasionally, a flyer or a blog post is included with the sessions. You can print these materials and distribute within your organization, as desired from the Administrator Toolkit.

Q: Does MA support multiple domains?

A: No, each domain is represented in isolation on the MA Portal. If you have multiple domains, you must manage one dashboard for each domain.

Q: What types of Active Directory are supported?

A: We support Active Directory® (AD) environments that have a cloud component. If your environment uses both cloud and on-premises AD, the group you provide must have an object ID that is synced between the cloud AD and the on-premises AD.

For instructions on integrating MA with Azure® or Microsoft 365 Active Directory, see Enroll users with Azure or Microsoft 365 Active Directory.

Q: Are mobile devices supported for sessions?

A: The MA system has a responsive design for mobile browsers, however there is no mobile application.

Q: What is the User Management tool?

A: The User Management tool allows MA administrators to set up and manage the AD Integration. See Managed Security Awareness Dashboard User Guide.

User FAQs

These are FAQs about MA program users.

Q: How do I add or remove users from the program?

A: To add or remove users, see Manage users in the Managed Security Awareness Dashboard User Guide for more information.

Q: Do I need to provide a complete CSV of all users each time there is a change?

A: Yes, if you exclusively manage your user list using CSV files, you must provide a full list of all participating users that you want included in MA each time there is a change to that list.

We recommend using the AD integration option wherever possible to easily make changes using AD groups, rather than sending a file to Arctic Wolf each time a change is required. See Manage users in the Managed Security Awareness Dashboard User Guide for more information.

Q: Is there an audit log of which user chooses to mute sessions?

A: No, we do not currently include an audit log of users who choose to mute sessions.

Q: Do we have any averages or historical metrics for user participation?

A: No, we do not have any historical metrics for user participation.

Q: What happens to employee training history when the employee leaves the organization?

A: When an employee is deactivated, their training history is kept and they receive no further email messages. Administrators cannot view inactive users on the Administration Dashboard. If you need information about inactive users, you must request it from your CST.

Q: How do I increase the participation rate in my organization?

A: There are three key elements to increasing your participation:

• Messaging — Users must understand what the MA program is and what is required from them to participate. We recommend communicating that each session takes only takes 2-3 minutes of their time every few weeks. Administrators can use the User Welcome Message Template found in the Administrator Toolkit.

• Allowlisting — Make sure that any Allowlists are updated to allow emails from the MA program. Users are unlikely to see any messages that are sent to spam or junk folders. See Adding MA to email allowlists in the Configuring Managed Security Awareness Configuration Guide for more information.

• Required participation — We strongly recommend making MA program participation a requirement in your organization. We observe higher participation rates within organizations with this requirement.

Q: Does content difficulty or complexity increase as users complete the program?

A: No, sending more difficult content to employees with more training is not supported. All recipients of a microlearning session or course receive the same content.

Q: Can I schedule more frequent sessions for users?

A: The MA program sends one session every other week. This frequency keeps the training top of mind. However, you can assign individuals more sessions manually using the Administration Dashboard, or assign sessions to groups if you have the appropriate licensing and have integrated AD. See Content Library in the Managed Security Awareness Dashboard User Guide for more information.

Session FAQs

These are FAQs about MA sessions.

Q: Are the session emails customizable?

A: No, the content of the MA session emails is not customizable beyond the private label settings. See Customizing emails using private labeling in the Managed Security Awareness Dashboard User Guide for more information.

Q: Can I change the email sender name and signature in the sessions?

A: Yes, you can customize the email sender name using the Private Labeling feature. The display name is included in the signature of session emails sent to users, as well as within the MA Portal page header. The sender email name is shown on the individual emails in an inbox. However, you cannot customize the email signature. The customized name appears in the signature but the signature content is not customizable. See Customizing emails using private labeling in the Managed Security Awareness Dashboard User Guide for more information.

Q: How do I make sure sessions do not go to junk or spam?

A: The administrator must complete the allowlist that the account manager provides, prior to launching the program.

Phishing simulation FAQs

These are FAQs about the phishing simulation feature.

Q: Does MA have email reporting for suspicious emails?

A: Yes, the Report Email button can be installed for MA customers who use Outlook as their email service. See Report Phishing or contact your Arctic Wolf Concierge Security Team (CST) for more information.

Q: Does Arctic Wolf receive alerts when a user reports an email with the Report Email button?

A: No. When a user reports an email with the Report Email button, the MA Admin is responsible for reviewing the reported emails in their MA Portal in the Reported Phishing dashboard. If you need assistance with next steps for a suspicious email, submit a ticket in the Arctic Wolf Portal.

Q: How do I add the Report Email button to my Outlook email?

A: See Configure the Report Email button for Outlook for steps to configure and deploy the Report Email button. If you require assistance with the configuration, submit a ticket in the Arctic Wolf Portal.

Q: How can I see threat details on the Reported Emails or Phishing Simulations tabs?

A: MA standard customers have limited access to analytics. MA+ customers have access to additional insights and analytics. See Reported Simulations tab for more information.

Q: Are phishing simulation emails customizable?

A: Yes. You can choose between different preset templates for each phishing session. You can also customize the email sender name and signature. See Customizing emails using private labeling in the Managed Security Awareness Dashboard User Guide for more information.

The email sender domain may differ to better suit the phishing simulation pretext, but you cannot customize the domain.

Q: Can I send more than one phishing simulation per month?

A: No, the MA system controls the scheduling of the phishing simulation delivery to all users. However, administrators can resend previously delivered phishing emails to individual users, but resending to groups is not supported. See Content Library in the Managed Security Awareness Dashboard User Guide for more information.

Q: Can third-party software, such as Microsoft Safelinks, unmask phishing simulation emails?

A: Yes, some third-party softwares, such as Microsoft Safelinks®, display the simulated malicious links as Arctic Wolf links. While we make every effort to avoid this issue, there may still be scenarios where third-party software intervention displays the URL as Arctic Wolf.

Q: Do phishing simulations include a mock sign-in page to measure users submitting credentials?

A: No, currently the phishing simulation emails direct users to the remediation session content for phishing. There is no mock sign-in page to capture credentials.

Q: Does phishing simulation include downloading and running attachments?

A: No, phishing simulation emails do not include downloading or running the attached files.

Q: How many phishing simulation templates does Arctic Wolf have?

A: We have several themes of phishing simulations that align with various popular real-world events, such as Mother’s Day or back-to-school shopping.

See also

• Managed Security Awareness Dashboard User Guide
• Managed Security Awareness Configuration Guide
• Managed Security Awareness Troubleshooting