Kurt Shintaku's Blog

Microsoft’s Attack Simulation ‘training’ service is a Premium Defender security service customers subscribe to as part of the licensing for one of the following:

• Microsoft 365 E5
• Microsoft 365 E3 + Microsoft 365 E5 Security
• Defender for O365 Plan 2

Phishing attacks for government customers are on the rise & organizations with one of the above should prioritize leveraging this service to help prevent phishing compromises. It’s essentially a service that among other things, creates & manages “fake phishing Exchange emails & Teams messages” in campaigns that get sent out to users that test their propensity to ‘click’ on attachments & links likely from bad actors & catalog the individuals the “click” on them – not to embarrass people, but rather to help educate people safely about the dangers of phishing.

Here’s a training video: 

• Attack Simulation Training with Microsoft (Official)
• Get Started With Microsoft Security Attack Simulation Training (My Microsoft coworker Harry Lowton’s video on using Attack Sim)

Here’s the documentation:

• Get started using Attack simulation training – Microsoft Defender for Office 365
• Simulate a phishing attack with Attack simulation training – Microsoft Defender for Office 365
  Admins can learn how to simulate phishing attacks and train their users on phishing prevention using Attack simulation training in Microsoft Defender for Office 365 Plan 2.
• Attack simulation training deployment considerations and FAQ – Microsoft Defender for Office 365
  Admins can learn about deployment considerations and frequently asked questions regarding Attack simulation and training in Microsoft 365 E5 or Microsoft Defender for Office 365 Plan 2 organizations.
• Insights and reports Attack simulation training – Microsoft Defender for Office 365
  Admins can learn how Attack simulation training in the Microsoft Defender portal affects users and can gain insights from simulation and training outcomes.
• Simulation automations for Attack simulation training – Microsoft Defender for Office 365
  Admins can learn how to create automated simulations that contain specific techniques and payloads that launch when the specified conditions are met in Microsoft Defender for Office 365 Plan 2.
• End-user notifications for Attack simulation training – Microsoft Defender for Office 365
  Admins can learn how to create end-user notification email messages for Attack simulation training in Microsoft Defender for Office 365 Plan 2.
• Landing pages in Attack simulation training – Microsoft Defender for Office 365
  Admins can learn how to create and manage landing pages for simulated phishing attacks in Microsoft Defender for Office 365 Plan 2.
• Payloads in Attack simulation training – Microsoft Defender for Office 365
  Admins can learn how to create and manage payloads for Attack simulation training in Microsoft Defender for Office 365 Plan 2.
• Microsoft Teams in Attack simulation training – Microsoft Defender for Office 365
  Admins can learn about the addition in Microsoft Defender for Office 365 Plan 2 of delivering simulated phishing attacks in Attack simulation training to Microsoft Teams.