Connect Phish threat users to Sophos Central users synced from AD.

Just like we have for Central but for Phish Threat: http://centralstatus.sophos.com

Perhaps Phish Threat needs it's own page or it can be included into the existing one for Central. It would be good to show customers any issues with email flow, log in issues etc. This would help to deflect cases as well in the event of an outage which would cause many customers to call in.

It would be neat if we could tell PT to send managers a summary of any active campaigns (e.g. once per week) so they know who of their employees is enrolled, and whether they have passed/failed the campaign or quiz.

Currently, Phish Threat will notify a manager if their employee fails a phishing attack. It would be nice if it could also inform a manager if their employee has passed the attack. Absent giving all managers access to the Sophos Cloud console, they have no way of ensuring their employees have taken and passed mandatory training. If this is to be delegated to them to ensure it happens, giving us an option to give them visibility if an employee passes OR fails the campaign or quiz would be valuable.

It would be good, that we could see the date and time of the Failed Trainings of enrolled users, also his score and what answers he choosed...
As it is now, when one choose list of users who had Failed the Training, bbut also retake that training again, you won´t see the date of Failed Training. For the system, it is Completed no matter what and it won´t show in statistics.

When identifying staff from the campaign's employee data page we'd like to be able to export that information as CSV to better identify, and address various scenarios, for instance those users who have "opened" an attack email (see: https://ideas.sophos.com/forums/593590-phish-threat/suggestions/19574035-os-browser-email-client-should-be-available-for) for more detail.

Allowing an export of this information will enhance our ability to identify staff and provide proper guidance.

It would be good that we could change, rewrite the "template" of the page after the user has failed the final quiz.

at 1) the customer would be able to customize the message sent to users, add specific informations or add additional contact within the organisation for help or anything else

at2) when the user fails the final quiz, 0% score is not simply a good score :)

Here is an idea for positive reinforcement for phishthreat.
If a user doesn’t fall victim to a phishing training have a “positive” email sent to them indicating that they successfully passed the training.
Obviously there would have to be time period allocated after the email was sent to determine if they do or do not click.

The Training Campaign editor does not offer the same level as customisation as the Attack Campaigns. The customer needs to customise the look as the corporate standard.

The email comming from the Phish Threat platform has Basic Times New Roman font and gray background, content in white. I would suggest white background and Arial font or something simply.

Most of the training we provide customers is in video format and requires the employee to hear what's being said. However most employees will not necessarily have headphones at work to view and hear these training videos. Perhaps consider this when creating more training but also ensure sysadmins are aware the training will require the employee to hear the audio to complete the training. That way they can pick and choose which training is better suited. Some offices allow headphones some might not.

At present the training material is only available in English and the user has no option to change this. Can we please look at creating more training material and make it available in other languages? Or, perhaps edit the existing training to make this available in other languages?

Is it possible to produce a report of a user’s answers to all forms of the training questionnaires? Is this information stored and accessible anywhere?

Can it please be considered for customers to have the ability to upload their own training documents or videos? Or modify the exiting training documents?

Customers might like to add their own training material into the Phish Threat site so it's more in line with their company. Would you please consider this or would we be reluctant to do so as we have some sort of duty to ensure the training is of sufficient quality and that covers the security topic well enough?

On behalf of a customer - You need to have the option that most other phishing simulators have which is "Whitelist by Email Headers" Most other vendors have some kind of customer headers so that they can be whitelisted by rule in Office 365 mail. Without this feature Office 365 will mark all your simulation email as as spam.

How knowbe4 does it: https://knowbe4.zendesk.com/hc/en-us/articles/212723707

* I understand we provide details on how to whitelist by domain and IP so perhaps we can provide details on the email headers?