How to capitalize on your existing Microsoft environment to deliver security awareness training.

Are you looking for an effective, easy to maintain, and low-cost solution to deliver security awareness training to your team? Have you read our previous guides providing an overview of what’s required for an effective security awareness program?

If you have not, I recommend taking some time to review our detailed guidance on Designing, Developing, and Delivering meaningful training that also meets your compliance objectives. If you have, then you will notice that this guide serves as a continuation from our Delivery post. Specifically around providing Security Awareness Training to remote or unavailable staff.

It is my goal in this guide to provide you with that effective, low-cost solution that meets your compliance obligations. An aspect which has become much more relevant in a highly remote workforce we have all experienced.

Microsoft Provided Solution for Security Training

Generally, the articles I write or advice I provide is vendor agnostic. Meaning that it’s not targeted towards using any one vendor or solution but rather the implementation of the technological concepts (Intrusion Detection Systems, firewall vendors, antivirus solutions, etc.).

However, in this case, I have found that the infrastructure provided by Microsoft for their Office 365 customers merits special consideration. This is due largely to the number of clients I have encountered which already maintain O365 environments and the ease of use provided by its various integrations.

This guide will provide you with an effective way to deliver your training and assess your staff’s comprehension. If you have not yet identified your curriculum or developed your content you should revisit the above links.

Once you have identified the areas to be assessed, developed your curriculum, and have recorded your presentation, you are ready to capitalize on the following process.

Implementation in 7 Easy Steps

The critical elements which work together to provide this solution include Microsoft Forms and Microsoft Stream. Together, these products provide you with an effective way to present and record your staff’s response to security awareness training questions (using Microsoft Forms) as well as embedding your presentation into the assessment for a one-stop training experience.

Using Microsoft Forms

Step 1) Create a New Form

Microsoft Forms provides you with a customizable environment to provide questions by selecting “New Quiz”. This will serve as the assessment of your staff’s training comprehension.

Create New Training Form

Step 2) Fill Form with Content

Once you have created the new quiz, you will be able to generate your questions and correct responses. The number of questions, difficulty level (free response or multiple choice), minimum passing score, and content should be developed based on your unique curriculum identified in the Design phase.

Note: You can adjust the score weight of each question based on the difficulty.

Fill Out Form with Content

Step 3) Upload your Presentation

The process b which you record your presentation is outside the scope of this guide; however, I have found success using the Windows integrated Xbox Game Bar to record voice-over PowerPoints.  After recording your presentation, you will then upload your video to your Microsoft Stream environment using the Secure Upload feature (shown below). Note: You can also use YouTube to host your video as both links support natively within Microsoft Forms; however, given the possibly sensitive nature of the content you may want to control the access to your videos more closely, using Office 365.

Upload Presentation

Step 4) Embed Your Presentation

Whether you have used YouTube or Microsoft Stream to host your presentation, you can now embed your video within your Microsoft Form. You may find the direct link to your Microsoft Stream video by selecting the Share button next to your video.A

Add the highlighted link as a new section within your Microsoft Form assessment page, preferably at the top.

Embed Presentation

Step 5) Format and Functionality Verification

Once you have added all questions to your assessment and embedded the recorded presentation, you should verify the format and functionality of the form.

You can do this by selecting “Preview” on the top of the page. This will provide you with the view your staff members will see when taking the provided training.

Note: You should ensure that your embedded presentation can play unrestricted and is not prohibited by existing access rights.

Step 6) Disseminate

As required within your Security Awareness Training Policy, you should send out the newly created training material and quiz. This is usually done as part of the new hire process and every year thereafter. For new hires, I have found that integrating the access link to the quiz within onboarding tickets to be an effective method for communicating the training location.

The link to share may be located by selecting “Share” at the top right of your Form.

Send and Share Form

Note: You can also embed the Form within another page such as SharePoint, by generating a QR code, or by embedding directly within an email.

Step 7) Verify Completion

Once your staff completes the Security Awareness presentation and the assessment their results will be saved. An essential element for demonstrating compliance with your applicable frameworks.

Verify Completion

You can access all scores and completions by selecting “Responses” at the top of your Microsoft Form. There you will be able to see:

  • Number of Responses
  • Average Score
  • Current Status

Export a digest of all completions by selecting “Open in Excel”. This is a great way to communicate your training status to management and auditors. Also to follow up with outstanding team members.

Within the exported Excel workbook, you will see:

  • Start Time
  • Completion Time
  • Email of user
  • Name
  • Total Points
  • Answers are provided for each question.

By reviewing the answers to each question, you will be able to identify deficiencies in the communication and presentation of your Security Awareness training.

Summary

At this point, you should feel very comfortable providing your organization with effective security education. By following the process of Designing, Developing, and Delivering Security Awareness training outlined in our previous articles and implementing the above procedures you’ll have a complete program that leaves no doubt.

If you do find that your team requires assistance in developing a comprehensive program, don’t hesitate in contacting our team of experts!