KnowBe4
About KnowBe4
KnowBe4 is a Gartner Magic Quadrant Leader (December 2025) delivering the HRM+ (Human Risk Management) platform combining security awareness training, cloud email security (via Egress acquisition), and AI Defense Agents (AIDA). The platform includes Defend (inbound threat protection), Prevent (outbound DLP), Protect (encryption), and PhishER Plus (incident response). AIDA Orchestration provides fully autonomous phishing simulations adapting to individual risk profiles. Trusted by 70,000+ organizations with 13+ million users contributing to global threat intelligence. Users reduce risk scores by 3x with AIDA. Best for organizations prioritizing human-layer security with integrated email protection.
Why Notable
Global SAT leader; 70,000+ customers
Sector Coverage
Email Security: Evaluation & Deployment
| Gartner MQ Position (Dec 2025) | Leader |
|---|---|
| Gartner Peer Insights Score | 4.4 |
| Deployment Model | API-based |
| Pre-Delivery Blocking | Yes |
| MX Record Required | No |
| Deployment Speed | Minutes with native M365 integration |
| Supported Platforms | Microsoft 365, Google Workspace |
| Admin Console | Unified HRM+ Console |
| Licensing Model | Per-user subscription |
| Licensing Notes | Modular: Security Awareness Training, Cloud Email Security (Defend/Prevent/Protect), PhishER Plus |
| Primary Market | Mid-market, Enterprise |
| MSP Support | Yes - Partner Portal |
Feature Coverage
2025-2026 Updates
| 15% malicious email increase (2025) | full | Tracking threat evolution |
|---|---|---|
| 84% AI-based attacks detected | full | Advanced AI threat detection |
| Defend user base doubled (2025) | full | Rapid cloud email growth |
| KnowBe4 Deployment Center | full | Rapid product deployment tool |
AIDA
| Advanced reporting by role | full | AIDA includes reporting views aligned to organizational roles and executive audiences. |
|---|---|---|
| Executive reports | full | Executive-focused reporting is included in the AIDA experience. |
| Behavioral-data aggregation | full | AIDA leverages behavioral data across KnowBe4 products. |
| SmartRisk engine | full | Uses SmartRisk to prioritize risk and adjust interventions. |
| Automatic risk prioritization | full | Automatically prioritizes user risk. |
| Target-right-users logic | full | Targets the right users without manual analysis. |
| Adjust interventions automatically | full | Adapts interventions over time. |
| Goal-driven multi-agent model | full | Agents work individually and collectively under goal-driven model. |
| Continuous risk assessment | full | Continuously assesses human risk. |
| Personalized phishing delivery | full | Automatically delivers personalized phishing tests. |
| Personalized training delivery | full | Automatically delivers training at the individual level. |
| Adaptive interventions | full | AIDA uses adaptive interventions to scale human risk management. |
| Autonomous next-best action | full | AIDA uses autonomous next-best action to scale human risk management. |
| Cross-product signal fusion | full | AIDA uses cross-product signal fusion to scale human risk management. |
| Individualized testing cadence | full | AIDA uses individualized testing cadence to scale human risk management. |
| Individualized training cadence | full | AIDA uses individualized training cadence to scale human risk management. |
| Human-risk automation | full | AIDA uses human-risk automation to scale human risk management. |
AIDA AI Agents
| 3x risk score reduction | full | Demonstrated improvement with AIDA |
|---|---|---|
| 8 production AI agents (2026) | full | Comprehensive autonomous agent suite |
| AIDA Orchestration | full | Fully autonomous phishing simulation and training management |
| Custom SAPA Agent | full | Tailored security awareness measurement |
| Deepfake Training Agent | full | Custom deepfake training with organization leaders |
| PhishML Insights | full | AI email threat classification with confidence thresholds |
| SmartRisk Agent | full | 316 indicators across 37 factors for risk scoring |
AIDA Orchestration
| AIDA Orchestration | full | Moderator agent coordinating the other AIDA agents. |
|---|---|---|
| Continuous campaign orchestration | full | Continuously evaluates risk and triggers next-best action. |
| Auto-created phishing simulations | full | Automatically creates phishing simulations. |
| Auto-assigned training | full | Automatically assigns training. |
| Reinforcement triggers | full | Automatically triggers reinforcement based on need. |
| Per-user risk-profile tailoring | full | Actions are tailored to each user’s unique risk profile. |
| Admin guardrails via Plans | full | Admins set boundaries for testing frequency and training limits. |
| Training limits in Plans | full | Plans control training caps and boundaries. |
| User-group policies in Plans | full | Plans can define group-specific policies. |
| Autonomous execution within guardrails | full | AIDA executes on its own within defined boundaries. |
| Always-on HRM system | full | Designed to replace manual campaign management with continuous operation. |
API & Integrations
| KSAT Graph API | full | API access for Security Awareness Training. |
|---|---|---|
| KSAT product API token | full | KSAT APIs authenticate using product API token. |
| Read-only API token | full | Supports read-only token creation. |
| Read/write API token | full | Supports read/write token creation. |
| JSON API responses | full | API returns JSON by default. |
| PasswordIQ Graph API | full | API access for PasswordIQ. |
| PhishER Graph API | full | API access for PhishER. |
| SecurityCoach Graph API | full | API access for SecurityCoach. |
| KSAT iPaaS integrations | full | Allows integration-platform-based workflow automation. |
| Automated awareness workflows | full | Supports automated security-awareness workflows. |
| Groups data management | full | Integration flows can manage groups. |
| Users data management | full | Integration flows can manage user data. |
| Phishing data workflows | full | Integration flows can manage phishing data. |
| Training data workflows | full | Integration flows can manage training data. |
Administration & Governance
| Security Roles | full | Role-based administration for KSAT. |
|---|---|---|
| Least-privilege admin model | full | Restricts access by user group and permission level. |
| AIDA inherited permissions | full | AIDA agents inherit permissions from existing security roles. |
| Subscription details view | full | Account Information shows subscription details. |
| Organization information settings | full | Admins can update company name and organization info. |
| Business-hours setting | full | Account settings support business-hours configuration. |
| Console time-zone setting | full | Account settings support time-zone configuration. |
| Placeholders in phishing templates | full | Organization info populates phishing templates. |
| Placeholders in landing pages | full | Organization info populates landing pages. |
| Placeholders in training notifications | full | Organization info populates training notifications. |
Cloud Email Security
| Contextual warning banners | full | Real-time user education on suspicious emails |
|---|---|---|
| Defend - Inbound Protection | full | AI-powered anti-phishing for BEC and zero-day attacks |
| Native M365 integration | full | Minutes-to-deploy architecture |
| Patented contextual ML | full | Machine learning adapting to communication patterns |
| Prevent - Outbound DLP | full | Misdirected email and data exfiltration detection |
| Protect - Email Encryption | full | End-to-end encryption with policy enforcement |
| Inbound threat protection | full | Cloud Email Security blocks inbound phishing and malware threats. |
| Outbound email protection | full | Suite includes outbound protection against user error and data leakage. |
| Behavioral AI | full | Uses behavioral intelligence to detect advanced email threats. |
| Self-learning threat models | full | Models adapt over time to improve detection accuracy. |
| Business Email Compromise detection | full | Designed to detect BEC and impersonation threats. |
| Ransomware detection | full | Detects ransomware-related email threats. |
| Human-risk adaptive controls | full | Continuously assesses human risk to adapt policy controls. |
| Data-exfiltration prevention | full | Stops unauthorized data exfiltration via email. |
| Information barriers | full | Can enforce barriers to meet compliance requirements. |
| Live threat intelligence | full | Uses live threat intel and analytics to drive controls and training. |
| Microsoft 365 integration | full | Cloud email-security layer integrates with Microsoft 365. |
| Immediate value deployment | full | Positioned as fast to deploy in Microsoft 365 environments. |
| Mac support for M365 deployment | full | Microsoft 365 integration supports Mac users. |
| OWA support for M365 deployment | full | Microsoft 365 integration supports Outlook Web Access. |
| Layered M365 protection | full | Designed to catch threats Microsoft 365 misses. |
Compliance Plus
| 600+ compliance modules | full | Compliance Plus includes hundreds of training modules. |
|---|---|---|
| HIPAA training content | full | Supports legislative and privacy training such as HIPAA. |
| PCI training content | full | Supports PCI-related compliance training. |
| GDPR training content | full | Supports GDPR and privacy training. |
| Customizable content | full | Admins can incorporate their own policies and procedures. |
| Brandable modules | full | Training can be branded for the organization. |
| SCORM-compliant content upload | full | Admins can upload SCORM-compliant training and video content. |
| Learning aids | full | Includes newsletters, documents, posters, and reinforcement materials. |
| Short interactive modules | full | Uses short interactive modules to improve engagement. |
| Automated compliance campaigns | full | Supports fully automated compliance training campaigns. |
| Integrated with KnowBe4 training platform | full | Uses the same platform as security awareness training. |
| Privacy training | full | Library includes privacy-focused content. |
| Ethics training | full | Library includes ethics training. |
| DEI training | full | Library includes diversity, equity, and inclusion training. |
| Workplace safety training | full | Library includes workplace safety content. |
| Anti-discrimination training | full | Content teaches what discrimination looks like and how to stop it. |
| Harassment training | full | Covers sexual harassment and related topics. |
| Unconscious-bias training | full | Includes unconscious-bias topics. |
| Microaggressions training | full | Includes microaggressions topics. |
| Protected-characteristics training | full | Includes protected-characteristics topics. |
| Manager-specific compliance guidance | full | Includes manager actions for respectful workplaces. |
| Multiple content publishers | full | Library sources material from multiple publishers. |
| Real-life simulated scenarios | full | Uses realistic scenarios in content. |
| Multiple media formats | full | Supports different types of media format. |
| Reinforcement materials | full | Includes materials to reinforce training outcomes. |
| Business ethics training | full | Compliance Plus includes content covering business ethics requirements and employee behavior. |
| Harassment prevention training | full | Compliance Plus includes content covering harassment prevention requirements and employee behavior. |
| Data privacy training | full | Compliance Plus includes content covering data privacy requirements and employee behavior. |
| Workplace conduct training | full | Compliance Plus includes content covering workplace conduct requirements and employee behavior. |
| Protected characteristics training | full | Compliance Plus includes content covering protected characteristics requirements and employee behavior. |
| Manager responsibilities training | full | Compliance Plus includes content covering manager responsibilities requirements and employee behavior. |
| Policy awareness training | full | Compliance Plus includes content covering policy awareness requirements and employee behavior. |
Defend
| Inbound email contextual analysis | full | Evaluates inbound email context before delivery. |
|---|---|---|
| Relationship analysis | full | Assesses sender-recipient relationships to identify anomalies. |
| Message-content analysis | full | Inspects message content for threat signals. |
| Pre-inbox analysis | full | Analysis occurs before email reaches the inbox. |
| Future-breach actionability | full | Allows admins to identify and act on later-discovered breaches. |
| External sender banners | full | Adds banners to emails from outside the organization. |
| Colored threat banners | full | Banner colors indicate associated threat level. |
| Four banner categories | full | Supports four default banner-category levels. |
| Impersonation-attack detection | full | Detects spoofed domains and look-alike sender identities. |
| Real-time impersonation alerts | full | Highlights impersonation attacks to users in real time. |
| Sender-relationship awareness | full | Warns when mail appears to come from someone users have not previously contacted. |
| Supply-chain health insight | full | Threat intelligence includes supply-chain and sender-context insight. |
| Threat-type insights | full | Reporting includes attack-type, threat-level, authentication, and interaction detail. |
| Actionable dashboards | full | Simplified dashboards help admins prioritize impersonation risks. |
Egress / Cloud Email Security
| Egress acquisition completed | full | KnowBe4 completed the Egress acquisition in July 2024. |
|---|---|---|
| Human Risk Management integration with Egress | full | Acquisition was positioned as strengthening HRM with AI-driven email security. |
| Cloud Email Security added to HRM+ | full | KnowBe4 says Cloud Email Security products were added to HRM+ after the acquisition. |
| Leader-positioned email-security portfolio | full | KnowBe4 publicly positions acquired Egress email security within its broader email-security platform story. |
Free Tool
| Phishing Security Test | full | Free phishing test offering. |
|---|---|---|
| SecurityCoach Preview | full | Preview tool for coaching. |
| Training Preview | full | Preview of training content. |
| Program Maturity Assessment | full | Free human-risk assessment tool. |
| Weak Password Test | full | Free password-security assessment tool. |
| Compliance Training Library preview | full | Free preview access for compliance content. |
| Domain Spoof Test | full | Free email-spoofing/domain assessment tool. |
| Email Exposure Check Pro | full | Exposure/breach-check tool. |
| Domain Doppelgänger | full | Free domain-lookalike assessment tool. |
| RanSim | full | Ransomware-simulator tool. |
| BreachSim | full | Breach simulation tool. |
KnowBe4 HRM+
| HRM+ platform | full | AI-driven human risk management platform spanning awareness training, cloud email security, anti-phishing, coaching, compliance training, and AI agents. |
|---|---|---|
| Security Awareness Training | full | Core awareness-training capability for changing user behavior against phishing and social engineering. |
| Cloud Email Security | full | Email-security suite that dynamically adapts controls based on human risk signals. |
| Anti-Phishing | full | Phishing-response and pre-emptive anti-phishing capability centered on reported-email workflows. |
| Real-Time Coaching | full | Behavior-based coaching layer that delivers immediate feedback when risky actions are detected. |
| Compliance Training | full | Integrated compliance-training library and campaign capability. |
| AI Defense Agents (AIDA) | full | AI-native agent suite that automates and personalizes human risk management workflows. |
PasswordIQ
| Password vulnerability monitoring | full | Monitors users’ password-related vulnerabilities. |
|---|---|---|
| AD password-setting scan | full | Scans Active Directory password settings. |
| Breached-password comparison | full | Compares passwords against breached-password datasets. |
| Weak-password comparison | full | Compares against weak-password lists and databases. |
| Dashboard integration | full | Displays scan results in KSAT dashboard. |
| On-prem AD requirement | full | Requires on-premises Active Directory. |
| Entra ID incompatibility | full | Does not support Microsoft Entra ID. |
| Hashed-password handling | full | Never displays unhashed user passwords. |
| Product enablement via Account Integrations | full | Enabled from KSAT Account Settings. |
Phish Alert Button
| Phish Alert Button | full | Lets users report suspicious email from supported mail clients. |
|---|---|---|
| Optional send-us-a-copy setting | full | Reported non-simulated emails can be forwarded to KnowBe4 and designated addresses. |
| Multiple PAB instances | full | Supports more than one PAB instance. |
| Selectable PAB version | full | Admins choose which PAB version to configure. |
| Microsoft 365 Defender integration toggle | full | Microsoft PAB version can enable Defender integration. |
| Automatic PAB activation for Google | full | Google PAB can support automatic activation. |
| Account-integrated enablement | full | PAB is enabled from account integrations settings. |
PhishER
| SOAR platform for reported email | full | PhishER is a SOAR platform that manages user-reported emails. |
|---|---|---|
| Reported-email inbox | full | User-reported emails flow into the PhishER Inbox. |
| Customized rules engine | full | Rules analyze email components for malicious content or red flags. |
| Tagging engine | full | Emails receive tags when rules match. |
| Tag-triggered actions | full | Tags trigger automated actions. |
| Automatic dispositioning | full | Platform can automatically disposition messages. |
| PhishER Blocklist | full | Blocks similar malicious or spam emails from reaching inboxes. |
| PhishRIP | full | Removes similar malicious or spam emails already in inboxes. |
| PhishFlip | full | Turns reported emails into KSAT phishing templates and campaigns. |
| Malicious-element removal for PhishFlip | full | Cleans malicious elements before reusing emails in training. |
| Third-party analysis integrations | full | Integrates with analysis tools such as VirusTotal and Syslog. |
| Standalone deployment | full | PhishER can be used standalone. |
| Combined KSAT workflow | full | PhishER works best when integrated with KSAT. |
| PhishER workflow onboarding | full | Quickstart guides admins through report, identity, disposition, block, rip, and flip workflow. |
| Inbox management UI | full | Admins can view and manage reported emails in the Inbox. |
| Manual reports ingestion | full | Inbox accepts emails reported manually by users. |
| PAB reports ingestion | full | Inbox accepts emails reported via the Phish Alert Button. |
| Logical-expression rules | full | Rules use logical expressions to automate message handling. |
| Auto-disposition by rules | full | Rules can automatically disposition messages. |
| Auto-tagging by rules | full | Rules can apply tags that trigger further actions. |
| Rules tab management | full | Rules are created and managed from dedicated rules interface. |
| CrowdStrike Falcon Sandbox integration | full | Submits files and URLs for sandbox analysis and returns malware analysis reports. |
| Reported-email triage | full | Operational capability within the reported-email response workflow. |
| Automated tagging | full | Operational capability within the reported-email response workflow. |
| Automated actions | full | Operational capability within the reported-email response workflow. |
| Blocklist-driven prevention | full | Operational capability within the reported-email response workflow. |
| Mailbox remediation | full | Operational capability within the reported-email response workflow. |
| Training conversion from attacks | full | Operational capability within the reported-email response workflow. |
PhishER Plus
| 650% first-year ROI | full | Demonstrated return on investment |
|---|---|---|
| One-click remediation | full | Fast threat removal across all mailboxes |
| PhishER Threat Intel | full | Real-time web threat reputation |
| PhishFlip | full | Convert real attacks to safe simulations |
| PhishRIP quarantine | full | Email quarantine integrated with M365/Google |
| Automated threat categorization | full | Uses trained analysis to identify and categorize reported emails. |
| One-click remediation across all mailboxes | full | Supports rapid organization-wide remediation. |
| PhishRIP-based mailbox cleanup | full | Eliminates threats from all mailboxes with PhishRIP. |
| Transforms real attacks into training | full | PhishFlip turns reported attacks into training simulations. |
| Would-have-fallen-for-it visibility | full | Shows which users might have fallen victim before removal. |
| Crowdsourced intelligence from 13+ million users | full | Leverages broad community reporting for protection. |
| Global threat intelligence | full | Combines crowdsourced data with KnowBe4 Threat Research Lab. |
| 99% response-time reduction claim | full | Positions itself as reducing response time dramatically. |
| 95% email-analysis time reduction claim | full | Promotes major analyst-efficiency improvements. |
| 90% auto-categorization claim | full | Claims most reported emails are auto-categorized. |
| 80% workload reduction claim | full | Claims large decrease in email-analysis workload. |
| 650% first-year ROI claim | full | Promotes quantified ROI from deployment. |
| 15% data-breach-risk reduction claim | full | Promotes risk reduction outcome. |
| Transparent decision-making | full | Emphasizes explainable workflows and visibility. |
| Customizable workflows | full | Supports customer-defined response flows. |
| Human observation plus AI analysis | full | Combines human reporting and AI analysis. |
| Global Blocklist | full | Uses crowdsourced reports to block threats. |
| Global PhishRIP | full | Uses crowdsourced threats to remove similar emails globally. |
| KnowBe4 Threat Research Lab validation | full | Threat feed entries are validated by internal research team. |
| Seamless integrations ecosystem | full | Publicly highlights integrations with multiple security vendors. |
| VirusTotal integration highlight | full | Vendor ecosystem highlights VirusTotal. |
| Cortex XSOAR integration highlight | full | Vendor ecosystem highlights Cortex XSOAR. |
| SeeMetrics integration highlight | full | Vendor ecosystem highlights SeeMetrics. |
| Cyren integration highlight | full | Vendor ecosystem highlights Cyren. |
| Blumira integration highlight | full | Vendor ecosystem highlights Blumira. |
| Revelstoke integration highlight | full | Vendor ecosystem highlights Revelstoke. |
| Swimlane integration highlight | full | Vendor ecosystem highlights Swimlane. |
| Tines integration highlight | full | Vendor ecosystem highlights Tines. |
| INKY integration highlight | full | Vendor ecosystem highlights INKY. |
| CrowdStrike integration highlight | full | Vendor ecosystem highlights CrowdStrike. |
| Fortinet integration highlight | full | Vendor ecosystem highlights Fortinet. |
| PhishER upgrade option | full | Available as a subscription or upgrade on PhishER. |
| Auto-block validated threats | full | Automatically blocks validated threats before delivery. |
| Global Blocklist mail-server connection | full | Connects Microsoft 365 mail server to Global Blocklist. |
| Global PhishRIP pre-report removal | full | Removes threats before they are even reported internally. |
| Third-party analysis tool integration | full | Supports tools such as CrowdStrike for added scans and evaluation. |
| Workflow: Report step | full | Documented as part of the PhishER Plus processing workflow. |
| Workflow: Identity step | full | Documented as part of the PhishER Plus processing workflow. |
| Workflow: Disposition step | full | Documented as part of the PhishER Plus processing workflow. |
| Workflow: Block step | full | Documented as part of the PhishER Plus processing workflow. |
| Workflow: Rip step | full | Documented as part of the PhishER Plus processing workflow. |
| Workflow: Flip step | full | Documented as part of the PhishER Plus processing workflow. |
Platform Intelligence
| 13M+ global user intelligence | full | Crowdsourced threat detection |
|---|---|---|
| 15 years behavioral data | full | Deep historical threat intelligence |
| 70,000+ organizations | full | Global customer threat sharing |
Portfolio Positioning
| Defend product listing in corporate nav | full | Defend appears as a public product under Email Security. |
|---|---|---|
| Prevent product listing in corporate nav | full | Prevent appears as a public product under Email Security. |
| Cloud Email Security in corporate nav | full | Cloud Email Security is listed as core platform offering. |
| Crowdsourced anti-phishing positioning | full | Corporate positioning includes crowdsourced anti-phishing. |
Prevent
| Accidental-send prevention | full | Helps users avoid email mistakes and misdirected sends. |
|---|---|---|
| PII-sharing prevention | full | Advises on the risk of sharing personally identifiable information by email. |
| Historical behavior analysis | full | Learns user behavior trends to detect anomalies. |
| Domain hygiene analysis | full | Uses recipient-domain hygiene as part of risk scoring. |
| DLP rule support | full | Combines DLP rules with behavioral analysis. |
| User risk opinion | full | Generates an opinion on the risk level of an outbound email. |
| Policy engine | full | Policy engine decides how to act on Prevent’s opinion. |
| Metadata ingestion and storage | full | API component ingests and stores metadata for learning and decisions. |
| User prompts | full | Prompts users according to policy before risky messages are sent. |
| Behavior-trend learning | full | Prevent uses behavior-trend learning to reduce accidental email data loss. |
| Recipient anomaly detection | full | Prevent uses recipient anomaly detection to reduce accidental email data loss. |
| Recipient-domain analysis | full | Prevent uses recipient-domain analysis to reduce accidental email data loss. |
| Outbound DLP opinioning | full | Prevent uses outbound dlp opinioning to reduce accidental email data loss. |
| Risk prompts before send | full | Prevent uses risk prompts before send to reduce accidental email data loss. |
| Policy-driven warning logic | full | Prevent uses policy-driven warning logic to reduce accidental email data loss. |
Protect
| Secure email encryption | full | Provides secure encrypted email for sensitive communications. |
|---|---|---|
| Outlook add-in integration | full | Hooks into Microsoft 365 using Outlook add-ins. |
| COM add-in support | full | Supports COM add-in deployment model. |
| Web add-in support | full | Supports Outlook web add-in deployment model. |
| API integration | full | Integrates using API connectivity. |
| Integrated Cloud Email Gateway integration | full | Can integrate with the cloud email gateway layer. |
| Purview Information Protection integration | full | Uses Microsoft Purview labels to automate encryption and access controls. |
| Account compromise protection | full | Messages remain protected even if the M365 account is compromised. |
| Large file transfer | full | Supports secure large file transfer via encrypted cloud delivery. |
| 256-bit AES encryption | full | Uses AES-256 encryption for stored and transferred content. |
| Commercial Product Assurance certification | full | Advertises CPA certification. |
| FIPS 140-2 certification | full | Advertises FIPS 140-2 certification. |
| ISO 27001 certification | full | Advertises ISO 27001 certification. |
| Malware scanning for uploaded files | full | Scans large-file transfers and portal uploads for malicious activity. |
| Secure message portal | full | Supports web-based secure-message workflows. |
| Secure supply-chain rules | full | Allows automated rules for trusted organizations and supply-chain communication. |
| Gateway encryption | full | Encrypts mail at the gateway. |
| Desktop encryption | full | Encrypts mail at the desktop for internal and external content. |
| Multi-factor authentication | full | Uses MFA to strengthen access security. |
| Automatic policy-based encryption | full | Can automatically encrypt messages based on policy. |
| Sender-initiated encryption | full | Users can proactively secure email. |
| Access restrictions | full | Can restrict edit, copy/paste, and local download rights. |
| Flexible recipient authentication | full | Recipients can use multiple authentication methods. |
| Egress credentials access | full | Recipients can log in with Egress credentials. |
| Shared-secret access | full | Recipients can open messages using shared secret verification. |
| One-click access | full | Recipients can use one-click access flows. |
| Biometric access | full | Supports fingerprint or Face ID access for recipients. |
| Microsoft identity access | full | Recipients can use Microsoft identities. |
| Google identity access | full | Recipients can use Google identities. |
| Recipient trust via machine learning | full | ML evaluates recipient profile, domain, location, and IT signals. |
| Trusted-recipient seamless access | full | Trusted recipients can access content with reduced friction. |
| User empowerment controls | full | Users can manage their own data-access decisions. |
| Policy override | full | Users can override policy controls when appropriate. |
| Real-time post-send access revocation | full | Users can revoke access after sending. |
| Time-based access restrictions | full | Can restrict access by time. |
| Geolocation-based access restrictions | full | Can restrict access by location. |
| Granular message controls | full | Can restrict save, copy/paste, forward, or print. |
| Anywhere access | full | Secure email can be sent and managed from Outlook, OWA, and mobile. |
| Security visibility reporting | full | Shows who sends sensitive information and whether it is accessed. |
| Supply-chain insight reporting | full | Shows top domains used for secure communication. |
| Usage and adoption reporting | full | Tracks Protect deployment usage and adoption. |
| Classification-label reporting | full | Shows top classification labels used for secure mail. |
| Audit reports | full | Tracks message access and events for investigation and compliance. |
| Flexible deployment options | full | Supports cloud, hybrid, and on-prem environments. |
| Standalone deployment without gateway | full | Can deploy without an integrated cloud email gateway. |
| Rapid user onboarding | full | Can onboard users quickly through Active Directory. |
| SSO support | full | Supports Azure AD, ADFS, and SAML SSO providers. |
| Protect web add-in deployment | full | Guide covers deployment to Microsoft 365 users. |
| Real-time guidance on send | full | Add-in delivers real-time guidance when sending emails. |
| Consistent protection across devices | full | Add-in supports OWA, Mac, and Windows. |
| Compose secure messages in portal | full | Admins/users can create secure email directly in portal. |
| Save secure-message drafts | full | Secure Message Portal supports draft saving. |
| Secure external communication | full | Protect includes secure external communication as part of secure message delivery and control. |
| Recipient-access audit trail | full | Protect includes recipient-access audit trail as part of secure message delivery and control. |
| Trusted-domain communication rules | full | Protect includes trusted-domain communication rules as part of secure message delivery and control. |
| Message-level rights management | full | Protect includes message-level rights management as part of secure message delivery and control. |
| Attachment protection in portal uploads | full | Protect includes attachment protection in portal uploads as part of secure message delivery and control. |
| Hybrid deployment support | full | Protect includes hybrid deployment support as part of secure message delivery and control. |
| On-prem deployment support | full | Protect includes on-prem deployment support as part of secure message delivery and control. |
| Cloud deployment support | full | Protect includes cloud deployment support as part of secure message delivery and control. |
Security Awareness Training
| Localized content in 35 languages | full | Training library includes localized content in dozens of languages for global programs. |
|---|---|---|
| AI-driven simulated phishing | full | Simulated phishing and training adapt to users and support ongoing awareness programs. |
| Enterprise-grade reporting | full | Reporting and analytics track program effectiveness and user outcomes. |
| User testing and assessments | full | Assessments and user testing help quantify knowledge and behavior change. |
| Phish-prone Percentage benchmark | full | Tracks phish-prone rate and program improvement over time. |
| KnowBe4 Learner App | full | Mobile learner application for users to complete training from smartphones or tablets. |
| Training Access Level I | full | Access tier for core awareness modules and newsletters. |
| Automated Training Campaigns | full | Automates training rollout and reminder emails. |
| Content Manager | full | Controls branded themes, passing score, test-out, and skip settings. |
| Assessments | full | Measures user knowledge and culture baselines. |
| AI-Recommended Training | full | Uses AI to recommend training content. |
| Dashboard tab | full | Top-level reporting dashboard for risk score and phishing results. |
| Risk Score widget | full | Widget summarizing organizational human-risk scoring. |
| Phishing reports | full | Reports on phishing campaign results and user behavior. |
| Campaign graph hover details | full | Graph drill-down shows campaign counts and user actions. |
| CSV report export | full | Reports can be generated as CSV files. |
| PDF report export | full | Reports can be generated as PDF files. |
| SmartRisk new-user bias tuning | full | Risk Score logic can now remove new-user bias when secure events occur within first 90 days. |
| Second Chance update cadence | full | Second Chance receives periodic client updates and bug fixes. |
| Email Exposure Check Pro report customization | full | EEC Pro reports can limit old breaches, ignore selected users, and mark breaches resolved. |
| Time Zone Source setting | full | Account-level choice between browser-detected time zones and manual time-zone settings. |
| Track SCORM interactions | full | Can send users’ responses in interactive SCORM activities to the LMS. |
| Student Edition | full | Student-focused awareness-training edition was added to the platform. |
| Dashboard design improvements | full | Dashboard received wider view and more consistent UI. |
| MobileMind integration | full | Integration sends KnowBe4 training data into MobileMind. |
| Anecdotes integration | full | Integration sends phishing, training, and user data to anecdotes for compliance workflows. |
| Okta connector integration | full | Integration allows reporting data use in Okta workflows. |
| Noetic Cyber integration | full | Integration pulls phishing and training data into Noetic Cyber. |
| Detailed phishing failure types | full | Standard report email now lists specific failure types such as QR code and macros enabled. |
| Smart Groups | full | Dynamic grouping capability available in console. |
| Language filter in ModStore | full | Content library filtering by language. |
| Free USB Test | full | USB-based social-engineering test tool availability. |
| Social Engineering Indicators (SEI) | full | Indicator feature introduced to support awareness reporting. |
| User groups view | full | User profile shows group membership. |
| Individual Phish-prone Percentage | full | User profile includes per-user phish-prone metrics. |
| Simulated phishing counts | full | Tracks how many phishing tests each user received. |
| Failure counts | full | Tracks failures from simulated phishing tests. |
| Reported-phish counts | full | Tracks reported simulated phishing emails. |
| Failure-type graph | full | Graph shows each user's failure types. |
| QR-code phishing tests | full | Simulates QR-based phishing attacks. |
| QR Code template topic | full | Dedicated template topic for QR campaigns. |
| AI-selected automated template selection | full | Can use AI-selected templates. |
| Full Random automated template selection | full | Can use full-random template selection. |
| Random automated template selection | full | Can use random template selection. |
| Specific Template selection | full | Can use specific template choice. |
| Data-entry landing pages | full | Can test whether users submit data after scanning. |
| QR-scan result tracking | full | Tracks scans and post-scan actions in console. |
| Phishing awareness content | full | Training library and reinforcement materials cover phishing topics as part of awareness programming. |
| Spear phishing awareness content | full | Training library and reinforcement materials cover spear phishing topics as part of awareness programming. |
| Ransomware awareness content | full | Training library and reinforcement materials cover ransomware topics as part of awareness programming. |
| Business Email Compromise awareness content | full | Training library and reinforcement materials cover business email compromise topics as part of awareness programming. |
| CEO fraud awareness content | full | Training library and reinforcement materials cover ceo fraud topics as part of awareness programming. |
| Password security awareness content | full | Training library and reinforcement materials cover password security topics as part of awareness programming. |
| VPN safety awareness content | full | Training library and reinforcement materials cover vpn safety topics as part of awareness programming. |
| Remote-work security awareness content | full | Training library and reinforcement materials cover remote-work security topics as part of awareness programming. |
| Social engineering awareness content | full | Training library and reinforcement materials cover social engineering topics as part of awareness programming. |
| Multi-factor authentication awareness content | full | Training library and reinforcement materials cover multi-factor authentication topics as part of awareness programming. |
| Mobile security awareness content | full | Training library and reinforcement materials cover mobile security topics as part of awareness programming. |
| Device security awareness content | full | Training library and reinforcement materials cover device security topics as part of awareness programming. |
| Safe browsing awareness content | full | Training library and reinforcement materials cover safe browsing topics as part of awareness programming. |
| Data handling awareness content | full | Training library and reinforcement materials cover data handling topics as part of awareness programming. |
| Privacy awareness awareness content | full | Training library and reinforcement materials cover privacy awareness topics as part of awareness programming. |
| Credential hygiene awareness content | full | Training library and reinforcement materials cover credential hygiene topics as part of awareness programming. |
| Deepfake awareness awareness content | full | Training library and reinforcement materials cover deepfake awareness topics as part of awareness programming. |
| QR-code awareness awareness content | full | Training library and reinforcement materials cover qr-code awareness topics as part of awareness programming. |
| Malware awareness awareness content | full | Training library and reinforcement materials cover malware awareness topics as part of awareness programming. |
| Insider-risk awareness awareness content | full | Training library and reinforcement materials cover insider-risk awareness topics as part of awareness programming. |
| Campaign summary charts | full | Program reporting supports campaign summary charts within the KSAT console. |
| User-action visibility | full | Program reporting supports user-action visibility within the KSAT console. |
| Risk-trend review | full | Program reporting supports risk-trend review within the KSAT console. |
| PDF reporting for management | full | Program reporting supports pdf reporting for management within the KSAT console. |
| CSV export for analysis | full | Program reporting supports csv export for analysis within the KSAT console. |
| Dashboard-driven insight | full | Program reporting supports dashboard-driven insight within the KSAT console. |
SecurityCoach
| Real-time coaching | full | Provides immediate feedback at the moment risky behavior occurs. |
|---|---|---|
| API-based vendor integrations | full | Integrates with existing security stack through APIs. |
| Built-in detection rules | full | Includes out-of-box detection rules for risky behavior. |
| Customizable detection rules | full | Security teams can customize the behaviors to track. |
| Coaching dashboard | full | Built-in dashboard summarizes coaching campaigns. |
| Detailed coaching reporting | full | Reporting shows detection rules and security events. |
| SecurityTips via Microsoft Teams | full | Can send real-time coaching tips in Teams. |
| SecurityTips via Slack | full | Can send coaching tips in Slack. |
| SecurityTips via Google Chat | full | Can send coaching tips in Google Chat. |
| SecurityTips via email | full | Can send coaching notifications by email. |
| Student Edition for SecurityCoach | full | Student-oriented coaching edition is available. |
| SecurityCoach release tracking | full | Public change log tracks new, updated, deprecated, or removed features. |
| Teams coaching channel | full | SecurityCoach supports teams coaching channel as part of real-time behavior coaching. |
| Slack coaching channel | full | SecurityCoach supports slack coaching channel as part of real-time behavior coaching. |
| Google Chat coaching channel | full | SecurityCoach supports google chat coaching channel as part of real-time behavior coaching. |
| Email coaching channel | full | SecurityCoach supports email coaching channel as part of real-time behavior coaching. |
| Coaching campaign summaries | full | SecurityCoach supports coaching campaign summaries as part of real-time behavior coaching. |
| Detected security event summaries | full | SecurityCoach supports detected security event summaries as part of real-time behavior coaching. |
SmartRisk
| SmartRisk Agent | full | Agent provides deeper analysis of organizational strengths and weaknesses. |
|---|---|---|
| Tailored recommendations | full | SmartRisk gives tailored recommendations. |
| Phishing-vulnerability identification | full | Helps identify users more vulnerable to phishing. |
| Training-effectiveness review | full | Helps review the effectiveness of awareness training. |
| Risk Score analytics | full | Provides risk-scoring capability. |
Student Edition
| Student Edition | full | Awareness-training edition for students age 16+. |
|---|---|---|
| Student-focused personalized training | full | Personalized student training and simulated phishing. |
| Computer and mobile device security training | full | Covers device-security vulnerabilities. |
| Password hygiene training | full | Covers password hygiene. |
| Multi-factor authentication training | full | Covers MFA usage. |
| Student phishing and social-engineering training | full | Covers phishing and social-engineering threats. |
| Social media and oversharing training | full | Covers oversharing risk. |
| Campus-scam training | full | Covers campus-targeted scams. |
| Travel and off-campus security training | full | Covers security for travel and off-campus activities. |