Managed Security Awareness Program and Portal FAQUpdated Feb 14, 2024
- Managed Security Awareness FAQ
- General FAQs
- Q: Does MA support co-branding?
- Q: Can I easily track compliance training?
- Q: What does Arctic Wolf recommend for organizations that want more training?
- Q: Can I import data from my current or previous security awareness system?
- Q: Can I integrate MA with my existing learning management system?
- Q: Can I export MA sessions for use in my own learning management system?
- Q: Can I create a shareable link for MA session content?
- Q: How quickly is new content created for newsworthy or world events?
- Q: Is there any physical media to supplement the sessions? For example, posters.
- Q: Does MA support multiple domains?
- Q: What types of Active Directory are supported?
- Q: Are mobile devices supported for sessions?
- Q: What is the User Management tool?
- User FAQs
- Q: How do I add or remove users from the program?
- Q: Do I need to provide a complete CSV of all users each time there is a change?
- Q: Is there an audit log of which users choose to mute sessions?
- Q: Are there any averages or historical metrics for user participation?
- Q: What happens to employee training history when the employee leaves the organization?
- Q: How do I increase the participation rate in my organization?
- Q: Does content difficulty or complexity increase as users complete the program?
- Q: Can I schedule more frequent sessions for users?
- Session FAQs
- Phishing simulation FAQs
- Q: Does MA have email reporting for suspicious emails?
- Q: Does Arctic Wolf receive alerts when a user reports an email with the Report Email button?
- Q: How do I add the Report Email button to my Outlook email?
- Q: How can I see threat details on the Reported Emails or Phishing Simulations tabs?
- Q: Are phishing simulation emails customizable?
- Q: Can I send more than one phishing simulation each month?
- Q: Can third-party software unmask phishing simulation emails?
- Q: Do phishing simulations include a mock sign-in page to track how many users submit their credentials?
- Q: Do phishing simulation emails include downloading and running attachments?
- Q: How many phishing simulation templates does Arctic Wolf have?
- Q: How does Arctic Wolf TruClick user detection eliminate false positives?
- Q: Is TruClick user detection backward compatible with previous phishing simulations?
- Q: Does enabling TruClick user detection change the phishing simulation user experience?
- General FAQs
- See also
This information answers frequently asked questions (FAQs) about Arctic Wolf® Managed Security Awareness (MA) program and dashboard. Contact your Concierge Security® Team (CST) at firstname.lastname@example.org if you have questions that are not answered here.
For MA Portal use instructions, see Managed Security Awareness Dashboard User Guide.
This information answers frequently asked questions about the MA program.
A: No. The MA program does not support co-branded emails or quizzes.
A: Yes. The MA Portal includes a dedicated Compliance page for Compliance Content Pack (CCP) customers to manage compliance training courses separately from managed awareness sessions. The Compliance page allows you to view and download compliance information, and track users that have incomplete compliance training.
For more information about compliance, see Compliance.
A: Arctic Wolf recommends that you follow the suggested frequency for MA sessions and phishing simulations. The session schedule is designed to have short, regular training sessions for employees. This keeps the content fresh in their memory as they perform their daily tasks.
Individuals or groups can be assigned more content, for example a course, with additional licensing. For more information about the Content Library, see Content Library.
A: No. MA does not support importing data from other security awareness systems.
A: No. There is no direct integration support for third-party learning management systems (LMS). You can export an mp4 or the Shareable Content Object (SCO) as a zip file. For more information about the Content Library, see Content Library.
A: If you have:
The Managed Security Awareness Plus (MA+) license — Yes. Session content can be downloaded as an mp4 or the Shareable Content Object (SCO) as a zip file from the Content Library.
For more information about session content, see Content Library.
The Managed Security Awareness Compliance Content Pack (CCP) — Yes. Session content can be downloaded as a mp4 or the SCO as a zip file from the Content Library.
For more information about session content, see Content Library.
The Managed Security Awareness Standard license — No. Session content download is limited to MA+ and CCP licenses.
A: Yes. For more information about session content, see Content Library.
A: For appropriate topics, Arctic Wolf releases content within 2–3 days.
A: Occasionally, a flyer or blog post is included with the sessions. You can print these materials and distribute them within your organization from the Administrator Toolkit.
A: No. Each domain is represented in isolation on the MA Portal. If you have multiple domains, you must manage one dashboard for each domain.
A: Arctic Wolf supports Active Directory® (AD) environments that have a cloud component. If your environment uses both cloud and on-premises AD, the group you provide must have an object ID that is synchronized with the cloud AD and the on-premises AD.
Note: Arctic Wolf does not support integration for exclusively on-premises AD environments. If your environment uses exclusively on-premises AD, you must use the CSV import method to add users, and you cannot access the group functionality within the MA Portal.
For more information about integrating MA with Microsoft Entra ID (formerly Azure AD)® or Microsoft 365, see Enroll users with Entra ID or Microsoft 365 Active Directory.
A: The MA system has a responsive design for mobile browsers, but there is no mobile application.
A: The User Management tool allows MA administrators to set up and manage the AD Integration. For more information about the User Management tool, see Managed Security Awareness Dashboard User Guide.
This information answers frequently asked questions about MA program users.
A: For information about adding or removing users, see Manage users.
A: Yes. If you exclusively manage your user list using CSV files, you must provide a full list of all participating users that you want included in MA each time there is a change to that list.
Arctic Wolf recommends using the AD integration option wherever possible to easily make changes using AD groups, rather than sending a file to Arctic Wolf each time a change is required. For more information about managing users, see Manage users.
A: No. Arctic Wolf does not currently include an audit log of users who choose to mute sessions.
A: No. Arctic Wolf does not have any historical metrics for user participation.
A: When an employee is deactivated, their training history is kept and they receive no more email messages. Administrators cannot view inactive users on the Administration Dashboard. If you need information about inactive users, you must request it from your CST at email@example.com.
A: There are three key elements to increasing your participation:
Messaging — Users must understand what the MA program is and what is required from them to participate. Arctic Wolf recommends communicating that each session takes only takes 2–3 minutes of their time every few weeks. Administrators can use the User Welcome Message Template found in the Administrator Toolkit.
Allowlisting — Make sure that all allowlists are updated to allow emails from the MA program. Users are unlikely to see messages that are sent to spam or junk folders.
For more information about allowlisting, see Adding MA to email allowlists.
Required participation — Arctic Wolf recommends making MA program participation a requirement in your organization. We observe higher participation rates within organizations with this requirement.
A: No. All recipients of a microlearning session or course receive the same content.
A: The MA program sends one session every other week. This frequency keeps the training fresh for users. But, you can manually assign individuals more sessions using the Administration Dashboard, or manually assign sessions to groups if you have the appropriate licensing and have integrated AD. For more information about the Content Library, see Content Library.
This information answers frequently asked questions about MA sessions.
A: No. The content of the MA session emails can not be customized. Only the private label settings are specific to your organization. For more information about customizing session emails, see Customizing emails using private labeling.
A: Yes. You can customize the email sender name using the private labeling feature. The display name is included in the signature of session emails and the MA Portal page header. The sender email name is shown on the individual emails in an inbox.
You cannot customize the email signature. The customized name appears in the signature, but the signature content is not customizable. For more information about customizing session emails, see Customizing emails using private labeling.
Note: Customizations are not applied to phishing simulation emails.
A: Before launching the MA program, the administrator must complete the allowlist that the account manager provides.
This information answers frequently asked questions about the phishing simulation feature.
A: Yes. The Report Email button can be installed for MA customers who use Outlook as their email service. For more information about the Report Phishing button, see Report Phishing or contact your CST at firstname.lastname@example.org.
A: No. When a user reports an email with the Report Email button, it is recorded on the Reported Phishing dashboard. The MA Admin is responsible for reviewing the reported emails in their MA Portal in the Reported Phishing dashboard. If you need assistance with next steps for a suspicious email, submit a ticket in the Arctic Wolf Unified Portal.
A: To configure and deploy the Report Email button, see Configure the Report Email button for Outlook. If you require assistance with the configuration, submit a ticket in the Arctic Wolf Unified Portal.
A: MA standard customers have limited access to analytics. MA+ customers have access to additional insights and analytics. For more information about the Reported Emails or Phishing Simulations tabs, see Reported Simulations tab.
A: Yes. You can choose between different preset templates for each phishing session. You can also customize the email sender name and signature. For more information about customizing emails, see Customizing emails using private labeling.
The email sender domain can change to better suit the phishing simulation pretext, but you cannot customize the domain.
A: No. The MA system controls the scheduling of the phishing simulation delivery to all users. Administrators can resend previously delivered phishing emails to individual users, but resending phishing emails to groups is not supported. For more information about the Content Library, see Content Library.
A: Yes. Some third-party software, for example Microsoft Safelinks®, display the simulated malicious links as Arctic Wolf links.
A: No. Currently, the phishing simulation emails direct users to the remediation session content for phishing. There is no mock sign-in page to capture credentials.
A: No. Phishing simulation emails do not include downloading or running the attached files.
A: Arctic Wolf has several phishing simulation themes that align with various popular real-world events. For example, Mother’s Day or back-to-school shopping.
A: Phishing simulation false positives can be caused by technology, such as email gateways or virus scanners, in your environment inspecting the phishing simulation email which results in a clicked link. TruClick® recognizes the difference between a user-initiated link execution and a device-initiated link execution. In order for a user to fail the phishing simulation with TruClick, the initial phishing link needs to be accompanied by user detections.
A: No, users will see any change to phishing simulations with TruClick is enabled.