We had numerous complaints from users that they completed training but kept receiving email reminders. In reality, they did not noticed the "Quiz" button and assumed that was it.

Would be nice to have some kind of highly visible pop up after video is over to tell users that there is also a quiz to follow.

It would be great to integrate Phish Reporting with G Suite Gmail and not only Outlook.

In Phish V1 there were several "General Settings" which gave options such as these features should make it over to V2 as they are important settings required:

• Email Sending


• Training Reminders


• Grading Options


• Notify employee's manager on failed phishing attacks


• Responses to Phishing Email


• Language options

In Phish V1 they had the ability to enroll newly added users to a default campaign. This feature was not carried over to V2.

Allow the ability to add users to an existing and running campaign

Currently, it is required to whitelist all off Amazon tracking (*.awstrack.me) globally. This presents a potential privacy and security issue as it is so broad.

Amazon allows for and documents how to use alias records so that customers see your DNS names and not Amazon's. It is easier to whitelist all of Sophos than it is to whitelist all of Amazon. As a security company, correcting these perceived issues should be paramount.

See the link to Amazon's documentation for details.

https://docs.aws.amazon.com/ses/latest/DeveloperGuide/configure-custom-open-click-domains.html

Add a way to report an email without Opening or using the Preview Pane.

Like a right click context option, or allow the button to work on selected message without the reading pane active.

Can you put the ability to add more than one video to a training campaign into version 2 like it was in version 1.

I would like to request the ability to save and continue a campaign that I'm creating. I can't always run through the steps from start to finish without interruptions (or need to gather info). In v1 there was no Save and Continue option, but the program saved the campaign automatically.

Allow support for users with naming convention of 'Last Name, First Name' in campaigns.

Currently {FirstName} variable resolves to the users 'Last Name,'

Recently noticed that Phish Threat campaigns that we're not able to manage the timeline to phish/training campaigns for less than a month. As the project Administrator, I should be able to dictate the duration of the testing campaign and not hard-limited to a month long campaign.

It would be glad to import existing real phishing mails (without the bad links). This would be much more realistic than sending the same fake thread the 3rd time

ability to enroll multiple users through CSV for a campaign instead of manually selecting them or avoid creating a user group manually.

Test the email flow to a specific user in phishing campaign within the campaign. Need to ensure the email is getting through the intended network's email filter. At the moment, we need to create a test campaign every time we test this.

Allow the ability to add multiple training modules per Training campaign (similar to V1 functionality).

When testing out campaign functionality it would be useful to be able to remove the Campaign (restricted to Super Admin).

It would be helpful to have the ability to sync users with the Azure AD so that new users will automatically be added for training/testing.

I'd like to see Sophos scan the "From" field and compare it to the names on our protected mailboxes. If the name matches, but the email address is not the protected mailbox, have the ability to modify the subject or reject the email. It would be even better if you could have a level of security on this so that an exact match on the name can trigger a more strict action like rejection.