Phishing attack simulator incorrectly emails people the message, "Because you were recently phished"
To take your points in order:
(a) in your pilot test, did you specify training for all recipients, those who clicked the payload or those who were fully compromised? What notification option did you choose? One problem with the simulator (as I last used it in December) is that a lot of the minor settings are not recorded in the simulation list. If for example you want a record of what training you have assigned, you are going to have to keep a manual record.
(b) is a danger. You have to recognise that the MS phishing simulator is a product being continuously improved, and if all of the changes are being announced in the O365 message center then I'm missing some of them. I use the simulator quarterly, and every time last year there were some new changes to take into account. I have even seen changes arrive in mid-simulation. Your only option is to test in advance, and once more just before you launch. Unless your security stack is MS from top to bottom, you need to do that anyway in case another security vendor has suddenly decided your chosen phishing URL is malicious.
(c) is a danger with any attack simulator. Weeks before you launch, you might consider sending out a general mail reminding recipients of the dangers of phishing and that regretfully the organisation has no choice but to conduct simulated tests for all staff. Explain that this is something all proactive organisations are adopting, and that the object is to train rather than catch people out. They will face the same dangers with their personal addresses. Be constructive and helpful; I use payloads of varying "difficulty" so no-one feels bad about falling for the trickier ones.
- ExMSW4319, Mar 03, 2022, Iron Contributor: In answering myatkyaw, I have just seen the End-user notifications tab on the same portal. It seems that it is now possible to edit a copy of the offending Microsoft default simulation notice, but in starting a test simulation I only saw the option to choose a variant positive reinforcement notice.
- waypass, May 05, 2022, Copper Contributor: I have discovered this exact annoyance myself. You can create a custom Simulation Notification to remove the troublesome wording of 'You have been Phished' but then there is no way of setting that as your simulation notification in the attack.
- myatkyaw, Mar 03, 2022, Copper Contributor: I think it's a matter of documentation in an evolving product. Features are getting added faster than there's education and documentation. I'm still trying to wrap my head around Defender products renaming and regrouping (ATP is now Identity, MCAS is Defender something). Nowhere in Attack Sim documents on Docs.Microsoft does it tell you how to edit the response files. It's just something I stumbled on. Luckily, there's a community here that can help each other out.