Team: Huntress Managed Security Awareness Training (SAT)
Summary: This guide covers how to sync learners, ensure email deliverability, configure phishing reporting, and launch your baseline automation programs within Huntress Managed Security Awareness Training (SAT).
In this Article
Before You Begin
Ensure you have access to the following administrative systems before beginning configuration:
Administrator access to your target identity directory (ex: Microsoft Entra ID, Google Workspace, or Okta).
Administrative permission over your organizational email infrastructure, network perimeter filters, or secure email gateways (such as Mimecast).
Phase 1: Sync Your Learners
Automate user provisioning by linking your primary directory service directly to the platform.
Identify the core organizational staff members who require security awareness training.
In your primary identity directory (Microsoft Entra ID, Google Workspace), create a dedicated user group for your intended SAT audience.
Add your target learners to this new directory group.
Log in to the SAT management experience, navigate to the Providers setting, and select your provider.
-
Use an API-based directory sync configuration to map directly to your dedicated Microsoft or Google user group.
Other integration options that do not utilize API also exist for partners not using Microsoft of Google.
Enable automatic daily synchronization to ensure the platform continuously captures new employee profiles without manual intervention.
Cross-reference your active learner roster against your directory group count to isolate sync gaps.
Phase 1 Result
Directory sync is active for this environment or account.
The SAT learner list matches the intended directory group.
You can start tracking how many contracted learners are present in SAT.
Phase 2: Verify Email Deliverability
Configure your email perimeter filters to ensure training content and simulated scenarios reliably reach user inboxes.
Access your primary email security gateway or content filter system.
-
Apply the specific configuration properties for your platform architecture.
For Microsoft tenant, start with the Microsoft Catch-All guide to avoid the most common pitfalls.
In the SAT interface, select a live, monitored in-scope mailbox and trigger a Deliverability Test.
Confirm that the test payload arrives directly in the user inbox rather than falling into junk, spam, or quarantine folders.
Verify that all nested interactive elements and web links inside the test email load correctly.
If the payload fails to arrive or encounters delays, review your edge transport policies, adjust your allow list settings, and retest.
Phase 2 Result
A Deliverability Test has succeeded.
SAT messages can reliably reach inboxes for this environment or account.
Phase 3: Configure Report Phishing
Provide your staff with an integrated reporting path to log suspicious emails and track simulator metrics.
Configure your reporting address
Establish an easily recognizable internal reporting address for your domains (for example:
phishing@yourdomain.com).Set up a global mailbox rule to forward messages received at that address directly to the primary Huntress collection email:
report@phish.mycurricula.com.In the SAT interface, navigate to Settings and select the Phishing tab.
Locate the Report Phishing Service form and enter your internal reporting email address (
phishing@yourdomain.com).Send an ad-hoc simulated test email to a test user, forward the email to your internal address, and confirm that the event successfully logs within your active reporting window.
Using reporting buttons
-
Choose one of the following deployment paths for your user endpoints:
Option A (Recommended): Deploy the Huntress Outlook Ribbon Button or Reading Pane add-ins or the SAT Gmail Report a Phish add-on through your central admin console to insert the reporting button into user application screens.
Option B (Alternative): Configure the built-in native Microsoft 365 button to forward inbound threats to your internal reporting address. For Google Workspace, create a group or mailbox to forward to the Huntress collection email.
Send an ad-hoc simulated test email to a test user, click your configured reporting button from the mail client interface, and confirm that the event successfully logs within your active reporting window.
Phase 3 Result
At least one clear, supported way exists for Microsoft 365 or Google users in this environment or account to report phishing emails.
Reported Huntress simulations from Outlook and Google are logged in SAT and visible in reporting.
Phase 4: Enable Managed Learning and Managed Phishing
Activate your automated ongoing training modules and background phishing simulations.
-
Navigate to the Managed Learning window in the platform.
Turn on the module and verify that your configured target training audience matches your initial directory scoping rules.
Review your training cadence to confirm whether your environment requires monthly or quarterly lesson intervals before final save confirmation.
-
Navigate to the Managed Phishing window in the platform.
Enable automated simulation campaigns across your active environments.
Ensure your internal response teams understand that execution cycles stagger randomly across the month to accurately map human risk metrics.
Phase 4 Result
Managed Learning is enabled and will provide ongoing training.
Managed Phishing is enabled where appropriate, and will run regular phishing simulations.
Phase 5: Activate New Learner Essentials
Establish a standardized onboarding track that immediately welcomes new team members with foundational lessons.
In the platform dashboard, confirm your active synchronized user counts look accurate and resolve any open directory errors.
Open the Assignments management area and select the New Learner Essentials catalog track.
Bind your target audience permissions to match the users requiring immediate foundational security coaching.
Enable the Automatic Enrollment option to ensure any future synced directory profiles instantly receive their first course assignments without administrator intervention.
Verify success by selecting one or two newly onboarded profiles and checking that their account states display as actively enrolled.
Phase 5 Result
New Learner Essentials is active for this environment or account.
New learners will automatically receive baseline training as they sync into SAT .
Final Expectations
Your training framework is fully operational. Huntress Managed SAT is now dynamically tracking your employee directory boundaries, automated simulation campaigns are safely routed past your perimeter filters, and automatic enrollment vectors are online.