Forum Discussion

ItsUnknown's avatar
ItsUnknown
Copper Contributor
Jul 18, 2024
Solved

MDO Attack Simulation and false "positives."

In our last 3 attack simulations (MDO) we've sent out to employees, we've had increasingly more and more employees who are saying they didn't open the attachment and/or didn't click on the link. (Th...
  • ExMSW4319's avatar
    ExMSW4319
    Jul 22, 2024
    Return to your simulation in security.microsoft.com, pick your simulation, click the Users tab and Export the result. This will give you a CSV with the when, the IP and even the device details of each clicking user. You may find that you have third party client agents effectively clicking on links even though your users have not intentionally clicked them. The CSV also tells you if they are performing any remedial training you are assigning. You do not have to wait for the end of the campaign, though there may be some latency in the data in the export.
MarPas's avatar
MarPas
Brass Contributor
Jul 22, 2024

Hi @ItsUnknown

To verify why some users are receiving the training, follow these steps:

  1. Go to the campaign report.
  2. In the Users tab, filter by Training status.
  3. Check the Other actions column.

 

Resources