How to setup automated attacks and training within Attack simulation training
Attack simulation training lets you run benign attack simulations on your organization to assess your phishing risk and teach your users how to better avoid phishing attacks. By following this guide, you can configure automated flows with specific techniques and payloads that run when the specified conditions are met, launching simulations against your organization.
What you need
- Microsoft Defender for Office 365 Plan 2 (included as part of E5).
- Sufficient permissions (Security Administrator role).
- 5-10 minutes to perform the following procedures.
Send a payload to target users
- Navigate to Attack simulation training.
- Choose Simulation automations from the top navigation bar.
- Press Create automation.
- Name the Simulation automation with something relevant and memorable. Next.
- Pick the techniques you'd like to use from the flyout. Next.
- Manually select up to 20 payloads you'd like to use for this automation, or alternatively select Randomize. Next.
- If you picked OAuth as a Payload, you need to enter the name, logo, and scope (permissions) you'd like the app to have when it's used in a simulation. Next.
- Choose who to target with the payload, if choosing the entire organization highlight the radio button. Next.
- Otherwise, select Add Users and then search or filter the users with the wizard, press Add Users. Next.
- Customize the training if appropriate, otherwise leave Assign training for me (recommended) selected. Next.
- Customize the landing page displayed when a user is phished if appropriate, otherwise leave as the Microsoft Default. Next.
- Choose if you'd like end user notifications, if so select the delivery preferences and customize where appropriate. Next.
- For Simulation schedule, you can either select Randomized or Fixed, the recommended option is Randomized, once selected, select Next.
- Depending on your choice of Randomized or Fixed, the schedule details can differ, but select preferences on the choice, including the start and end dates of the automation. Next.
- For Launch Details, select any final options you want, such as using unique payloads, or targeting repeat offenders and then select Next.
- Submit and the Simulation automation is set up.
Learn More
Full guidance can be found at Simulation automations for Attack simulation training - Office 365 | Microsoft Docs.