Currently, it is required to whitelist all off Amazon tracking (*.awstrack.me) globally. This presents a potential privacy and security issue as it is so broad.

Amazon allows for and documents how to use alias records so that customers see your DNS names and not Amazon's. It is easier to whitelist all of Sophos than it is to whitelist all of Amazon. As a security company, correcting these perceived issues should be paramount.

See the link to Amazon's documentation for details.

https://docs.aws.amazon.com/ses/latest/DeveloperGuide/configure-custom-open-click-domains.html

Add a way to report an email without Opening or using the Preview Pane.

Like a right click context option, or allow the button to work on selected message without the reading pane active.

Can you put the ability to add more than one video to a training campaign into version 2 like it was in version 1.

I would like to request the ability to save and continue a campaign that I'm creating. I can't always run through the steps from start to finish without interruptions (or need to gather info). In v1 there was no Save and Continue option, but the program saved the campaign automatically.

Allow support for users with naming convention of 'Last Name, First Name' in campaigns.

Currently {FirstName} variable resolves to the users 'Last Name,'

Recently noticed that Phish Threat campaigns that we're not able to manage the timeline to phish/training campaigns for less than a month. As the project Administrator, I should be able to dictate the duration of the testing campaign and not hard-limited to a month long campaign.

It would be glad to import existing real phishing mails (without the bad links). This would be much more realistic than sending the same fake thread the 3rd time

ability to enroll multiple users through CSV for a campaign instead of manually selecting them or avoid creating a user group manually.

Test the email flow to a specific user in phishing campaign within the campaign. Need to ensure the email is getting through the intended network's email filter. At the moment, we need to create a test campaign every time we test this.

Allow the ability to add multiple training modules per Training campaign (similar to V1 functionality).

When testing out campaign functionality it would be useful to be able to remove the Campaign (restricted to Super Admin).

It would be helpful to have the ability to sync users with the Azure AD so that new users will automatically be added for training/testing.

I'd like to see Sophos scan the "From" field and compare it to the names on our protected mailboxes. If the name matches, but the email address is not the protected mailbox, have the ability to modify the subject or reject the email. It would be even better if you could have a level of security on this so that an exact match on the name can trigger a more strict action like rejection.

It would be good if we were able to export a list of URLs to each users training for when they have failed a campaign. We often have users deleting their emails so obtaining a copy of URL to send them would be handy.

To note: This can be done on the US V1 portal however it is not available on the UK V2 portal.

In phish threat under the campaign overview it shows "device breakdown". This displays either computers or mobile devices with respective statistics.

It would be great to click the respective device group and display the users associated with this device type, or at least have the ability to see this information somewhere such as results.

All other options are in the drop down filter. "Not Completed" which is the most important for managing open campaigns is not available in the Campaign quick view.

Need a report to show which training courses each user has taken so we can know what to assign for future campaigns.