![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(262.40000000000003, 75%, 35%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EKA%3C/text%3E%3C/svg%3E)
Microsoft 365 and Office | Microsoft 365 Defender | Other | Other
An integrated threat protection solution designed to detect, investigate, and respond to cyber threats across Microsoft 365 services.
Microsoft Security training for Attack simulation training is delivered through the Microsoft Defender portal, which is part of the Microsoft Admin Portals app grouping in Conditional Access. Because the Conditional Access policy blocks non-admins from accessing Microsoft Admin Portals, targeted users are also blocked from opening the training.
To allow users to access only the Attack simulation training experience while still enforcing strong controls on admin access, adjust Conditional Access as follows:
- Keep the existing policy that targets Microsoft Admin Portals for admins (for example, require MFA for admin roles), rather than blocking all non-admin users from the Microsoft Admin Portals app.
- If a block policy is required, avoid applying a blanket Block access to all users for Microsoft Admin Portals. The documentation notes that this grouping is intended primarily for include scenarios (for example, enforcing MFA), not as a bulk exclusion mechanism for all backend services.
- Instead of blocking all non-admins from Microsoft Admin Portals, use Grant controls (such as MFA or Terms of use) for the Microsoft Admin Portals app and scope them to:
- Admin roles only (for example, Global Administrator, Security Administrator), or
- A security group that contains only admins.
- Ensure regular users are not included in any Block policy that targets Microsoft Admin Portals, so that when they follow the training link from Attack simulation training, they can reach the Microsoft Defender portal and complete the assigned modules.
If more granular separation is needed, use sign-in logs and Conditional Access audience reporting to identify the specific resource IDs used during training access, then refine policies accordingly. However, the documented and supported pattern is to use Microsoft Admin Portals for protecting admin access (typically with MFA), not to block all non-admin access.
References:
- Conditional Access: Target resources
- Microsoft-managed Conditional Access policies
- Require terms of use to be accepted before accessing Microsoft Admin Portals
- Get started using Attack simulation training
- Simulate a phishing attack with Attack simulation training
- Training campaigns in Attack simulation training
- Attack simulation training deployment considerations and FAQ