
Security, Compliance, and Identity Blog

Attack Simulation Training: User tags based targeting in simulations - now live!

Gopal-MSFT
Microsoft
Feb 03, 2022

Attack Simulation Training is an intelligent phish risk reduction tool that measures behavior change and automates the design and deployment of an integrated security awareness training program across an organization.

 

Customers have told us they need to run targeted simulations against specific sections of the organization, such as priority accounts. Today, we are very excited to announce the general availability of the user tags-based targeting capability in Attack Simulation Training.

 

User tags are identifiers for specific groups of users (for example, priority accounts) in Microsoft Defender for Office 365. For more information, see User tags in Microsoft Defender for Office 365. Once you apply system tags or custom tags to users, you can use those tags as filters within alerts, reports, and investigation experiences. Going forward, you can also use these tags directly within the simulation creation experience. Organizations can use this capability to run targeted simulations against a specific group of users defined by pre-defined tags (such as priority accounts or others) and even set up simulation automations targeting these accounts at a set frequency!

 

You will find this capability within the simulation creation experience at the ‘Target users’ step.  Clicking on 'Add users' brings up a fly-out menu where the user tags are exposed directly.

                                        

                                                               

 

You can select some or all of the user tags and, in turn, the users that these tags have been assigned to. In a few clicks, you can now run targeted simulations against these users. This capability is also available within the simulation automation experience, which can be used to run periodic simulations to understand user susceptibility.

 

In addition, the simulation creation experience already offers a diverse set of options for targeting users, such as:

  • Seamless integration with Azure Active Directory, which makes it amazingly simple to target the whole enterprise or specific users and groups from Azure AD.
  • CSV-based imports to support organizations that prefer to use a flat file with a list of users to target in simulations.

You can find more detail on the various options to target users in a simulation here.

 

We hope you find the updates useful as you continue your journey of end-user education and behavior change. If you have any comments or feedback, do let us know.

 

Try out Attack simulation training and learn how to get started in Microsoft Defender for Office 365!

Updated Feb 03, 2022
Version 1.0
  • Hey Bent_Larsen 

    We are always adding new payloads and in different languages. AST has a theme of training end-users using relevant, real-world phishing emails as this is the best way to reduce your organisation's risk. Training your users using the same phish that they would see in a real-world phishing attack enables them to identify real/authentic phishing. Subsequently, we don't author the payloads ourselves but harvest actual payloads - the majority of these are in English.

     

    If your organisation however receives a lot of payloads in Polish and German, consider setting up a payload harvesting simulation in your tenant. This enables you to take those phishing emails (in Polish and German) and use those in your campaigns! It's really simple to do so. Instructions here: https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/attack-simulation-training-payload-automations?view=o365-worldwide

     

  • Bent_Larsen
    Copper Contributor

    Can we expect Microsoft to add payloads in Polish and to add more payloads in German?

    Thanks 

    Bent Larsen

  • tkirwan
    Copper Contributor

    As a heads up, when you try to add an Azure AD group it either doesn't add at all (with no message) or occasionally gives an error. I've never actually been able to pull an AAD group in. (Security or dynamic user)

  • Reid Culp
    Brass Contributor

    Does Microsoft Attack Simulator exclude the admin who is setting up the simulation? I have tried to run two simulations and both seem to exclude me from the simulation (i.e., it did not send me an email). We are a small firm, and we need to document training for compliance purposes.

  • JJSS1
    Copper Contributor

    In MS Attack Simulator, is there a way to automate assigning security awareness training to new hires - e.g. auto assign a predefined set of training modules based on the user's start date, or at least based on when the user's mailbox was created?

     

    I've been searching around and so far have come up empty. I found this article which seemed like maybe tags would help, but if it still can't automatically create tags based on AAD attributes, using tags seems like even more work than assigning trainings to new hires manually by selecting them directly within attack simulator's campaign wizard.

     

    We want to consider buying Defender for O365 P2 licenses, but without automation for new hire trainings, I think this is a dealbreaker for us, and we will probably go with KnowBe4 or Ninjio instead. But if this type of feature is on the roadmap, can you please provide a link to the roadmap, or at least a summary of what's coming in the near future? Thanks