Managed Security Awareness Program and Dashboard FAQ

Frequently Asked Questions

Overview of Managed Security Awareness FAQ Direct link to this section

These are FAQs about the Arctic Wolf® Managed Security Awareness (MA) program and dashboard. For MA Dashboard use instructions, see Managed Security Awareness Dashboard User Guide.

General FAQs Direct link to this section

These are general FAQs about the MA program.

Q: What is the goal of the MA program? Direct link to this section

A: The goal of the MA program is to increase security awareness and build a strong security culture within your organization.

Q: How do I check my program progress? Direct link to this section

A: Users must wait for the monthly status message to see their progress and if they are behind on any sessions. Administrators can see the current status of any or all users on the Administration Dashboard, at any time.

See Q: What is the monthly report card? for more information.

Q: Does MA support co-branding? Direct link to this section

A: No, the MA program does not support co-branded emails or quizzes.

Q: What are compliance training modules? Direct link to this section

A: Compliance training modules are short interactive video presentations that explain the laws, regulations, and policies that are relevant to the responsibilities of employers and employees. Compliance training modules are available to customers who have a Compliance Content Pack (CCP) license.

See Content Library in the Managed Security Awareness Dashboard User Guide for more information.

Q: Can I easily track compliance training? Direct link to this section

A: Yes. The MA Dashboard includes a dedicated Compliance page for CCP customers to manage compliance training courses separately from managed awareness sessions. The page allows you to view and download compliance information, and track users that have incomplete compliance training.

See Compliance in the Managed Security Awareness Dashboard User Guide for more information.

Q: Does Arctic Wolf have recommendations for organizations that want more training? Direct link to this section

A: We recommend that you follow the suggested frequency for MA sessions and phishing simulations. The session schedule is designed to have small, regular training sessions for employees and keep the content fresh in their memory as they perform their daily tasks.

Individuals or groups may be assigned more content, such as a course, with additional licensing. See Content Library in the Managed Security Awareness Dashboard User Guide for more information.

Q: Can I import data from my current or previous security awareness system? Direct link to this section

A: No, MA does not support importing data from other security awareness systems.

Q: Can I integrate MA with my existing learning management system? Direct link to this section

A: No, there is no direct integration support for third-party learning management systems (LMS). You can export a comprehensive CSV of all activity for review or for compliance requirements.

Q: Can I export MA sessions for viewing in my own learning management system? Direct link to this section

A: No, you cannot download or export MA sessions to view in another platform.

Q: How quickly is new content created for newsworthy or world events? Direct link to this section

A: For appropriate topics, we release content within 2-3 days.

Q: Is there any physical media, such as posters, to supplement the sessions? Direct link to this section

A: Occasionally, a flyer or a blog post is included with the sessions. You can print these materials and distribute within your organization, as desired.

Q: Does MA support multiple domains? Direct link to this section

A: No, each domain is represented in isolation on the MA Dashboard. If you have multiple domains, you must manage one dashboard for each domain.

Q: What types of Active Directory are supported? Direct link to this section

A: Currently we support Active Directory (AD) environments that have a cloud component. If your environment uses both cloud and on-premises AD, the group you provide must have an object ID that is synced between the cloud AD and the on-premises AD.

Note: We do not support integration for exclusively on-premises AD environments. If your environment uses exclusively on-premises AD, you must use the CSV import method to add users, and you cannot access the group functionality within the MA Dashboard.

See Enrolling users using Azure Active Directory or Microsoft 365 in the Configuring Managed Security Awareness Configuration Guide for instructions on integrating MA with Azure AD or Microsoft 365.

Q: Are mobile devices supported for sessions? Direct link to this section

A: The MA system has a responsive design for mobile browsers, however there is no mobile application.

User FAQs Direct link to this section

These are FAQs about MA program users.

Q: What are users? Direct link to this section

A: Users are individuals within your organization who will receive sessions, quizzes, and phishing simulations. They strictly receive email communication and do not have sign-in credentials for the MA Dashboard.

Q: How do I add or remove users from the program? Direct link to this section

A: If you want to make changes:

See Q: What types of Active Directory are supported? for more information.

Q: Do I need to provide a complete CSV of all users each time there is a change? Direct link to this section

A: Yes, if you exclusively manage your user list using CSV files, you must provide a full list of all participating users that you want included in MA each time there is a change to that list.

We recommend using the AD integration option wherever possible to easily make changes using AD groups, rather than sending a file to Arctic Wolf each time a change is required. See Managing users and user groups in the Managed Security Awareness Dashboard User Guide for more information.

Q: Is there an audit log of which user chooses to mute sessions? Direct link to this section

A: No, we do not currently include an audit log of users who choose to mute sessions.

Q: Do we have any averages or historical metrics for user participation? Direct link to this section

A: No, we do not have any historical metrics for user participation.

Q: What is the monthly report card? Direct link to this section

A: These report cards are sent each month:

Q: What happens to employee training history when the employee leaves the organization? Direct link to this section

A: When an employee is deactivated, their training history is kept and they receive no further email messages. Administrators cannot view inactive users on the Administration Dashboard. If you need information about inactive users, you must request it from your CST.

Q: How do I increase the participation rate in my organization? Direct link to this section

A: There are three key elements to increasing your participation:

Q: Does content difficulty or complexity increase as users complete the program? Direct link to this section

A: No, sending more difficult content to employees with more training is not supported. All recipients of a microlearning session or course receive the same content.

Q: Can I schedule more frequent sessions for users? Direct link to this section

A: The MA program sends one session every other week. This frequency keeps the training top of mind. However, you can assign individuals more sessions manually using the Administration Dashboard, or assign sessions to groups if you have the appropriate licensing and have integrated AD. See Content Library in the Managed Security Awareness Dashboard User Guide for more information.

Session FAQs Direct link to this section

These are FAQs about MA sessions.

Q: What is a session? Direct link to this section

A: Also referred to as microlearning sessions, sessions are three to five minute videos or interactive tutorials about recognizing and neutralizing social engineering attacks and avoiding security breaches that result from human error.

Q: Are the session emails customizable? Direct link to this section

A: No, the content of the MA session emails is not customizable beyond the private label settings. See Changing private label settings in the Managed Security Awareness Dashboard User Guide for more information.

Q: Can I change the email sender name and signature in the sessions? Direct link to this section

A: Yes, you can customize the email sender name using the Private Labeling feature. The display name is included in the signature of session emails sent to users, as well as within the MA Dashboard page header. The sender email name is shown on the individual emails in an inbox. However, you cannot customize the email signature. The customized name appears in the signature but the signature content is not customizable. See Changing private label settings in the Managed Security Awareness Dashboard User Guide for more information.

::: Note: Customizations are not applied to phishing simulation emails. :::

Q: How long are the sessions? Direct link to this section

A: The session lengths are as follows:

Q: How are sessions delivered? Direct link to this section

A: Sessions are delivered through email. Each MA email contains a link to launch the session in a new browser window or tab. See Q: How often are sessions delivered? for more information.

Q: What is the QuickStart? Direct link to this section

A: The QuickStart is the first session that employees receive at your organization. It is a five-minute awareness session to orient users to the MA program and introduce key security awareness topics. Going forward, users receive an email from MA about once a week with one activity, which could be a security awareness microlearning session, a quiz, or a phishing simulation. Each type of activity should take three minutes or less to complete.

Q: When is the QuickStart session sent? Direct link to this section

A: The QuickStart session is sent:

Note: If there is a session already scheduled for that week, your new users receive two sessions in one day. This is the only time users can receive multiple sessions on a single day.

Q: What is the difference between microlearning sessions, QuickStart sessions, role-based sessions, and training modules? Direct link to this section

A: The MA program comprises these session types:

Note: Microlearning sessions, QuickStart sessions, role-based sessions, and training modules are delivered to end users through email. However, whereas microlearning sessions are scheduled to be sent automatically to user inboxes according to a schedule, users do not receive role-based sessions or compliance training modules unless their security administrator specifically assigns those sessions or compliance modules to those users.

Q: How often are sessions delivered? Direct link to this section

A: Typically, sessions are delivered every other week. Administrators can view the upcoming schedule under the Administrator Dashboard tab. See https://docs.arcticwolf.com/security_training/ma_dashboard-user-guide.html#previewing-an-upcoming-session for more information.

Q: How do I ensure that sessions do not go to junk or spam? Direct link to this section

A: The administrator must complete the allowlist that the account manager provides, prior to launching the program.

Phishing simulation FAQs Direct link to this section

These are FAQs about the phishing simulation feature.

Q: What are phishing simulations? Direct link to this section

A: Phishing simulations are emails that Arctic Wolf crafts to resemble a typical phishing email. The link in the body of the email takes the user to a remediation session if it is clicked. The dashboard tracks the number of links that are clicked, attachments that are launched, and remediation sessions that are completed across the organization.

Q: How often are phishing simulations delivered? Direct link to this section

A: Phishing simulations are delivered 12 times per year, one a month.

Q: Are phishing simulation emails customizable? Direct link to this section

A: Yes. You can choose between different preset templates for each phishing session. You can also customize the email sender name and signature. See Changing private label settings and Changing private label settings in the Managed Security Awareness Dashboard User Guide for detailed steps.

The email sender domain may differ to better suit the phishing simulation pretext, but you cannot customize the domain.

Q: Can I send more than one phishing simulation per month? Direct link to this section

A: No, the MA system controls the scheduling of the phishing simulation delivery to all users. However, administrators can resend previously delivered phishing emails to individual users, but resending to groups is not supported. See Content Library in the Managed Security Awareness Dashboard User Guide for more information.

Q: Can third-party software, such as Microsoft Safelinks, unmask phishing simulation emails? Direct link to this section

A: Yes, some third-party softwares, such as Microsoft Safelinks, display the simulated malicious links as Arctic Wolf links. While we make every effort to avoid this issue, there may still be scenarios where third-party software intervention displays the URL as Arctic Wolf.

Q: Do phishing simulations include a mock sign-in page to measure users submitting credentials? Direct link to this section

A: No, currently the phishing simulation emails direct users to the remediation session content for phishing. There is no mock sign-in page to capture credentials.

Q: Does phishing simulation include downloading and running attachments? Direct link to this section

A: No, phishing simulation emails do not include downloading or running the attached files.

Q: How many phishing simulation templates does Arctic Wolf have? Direct link to this section

A: We have several themes of phishing simulations that align with various popular real-world events, such as Mother’s Day or back-to-school shopping.

See also Direct link to this section