Microsoft Attack simulator campaign emails should be sent in staggered way

Occasional Contributor

So currently if I launch a Simulation campaign, even if I Configure number of days to end simulation after 30 days and set a launch date and time. All emails to the users set to receive phishing campaign will receive emails all at the same time. This leads to users located in same office to discuss and figure out the campaigns and does not serve the purpose.

 

So here Microsoft needs to provide a way to set the number of emails to be sent at once or number of stages/steps in which the Simulation should be completed. In this way only some users will receive the emails at the same time and the campaign can be divided in a longer time span.

4 Replies
Been there, done that!

The last time I tried the simulation automation feature, it would send attacks of under 1,000 targets in batches of 100 and allegedly [MS PS] attacks of over 1,000 in batches of 1,000. Within a batch, mails arrive more or less at the same time. For many organisations, those threshold sizes aren't very helpful and you will get exactly the "water cooler discussion" problem that the simulator's own documentation refers to.

Your two choices are to (a) accept that this is a problem and employ multiple payloads at different times of the working week, or (b) divide your target list into multiple groups and hit those groups on different dates. Ideally you should be combining these methods anyway, but there's a good chance that simulation is just another fill-in task on your busy working schedule.
Thank you for the response.

Both the choices are tedious to implement, specially when you are gonna have to simulate the campaigns for 100k+ users across multiple countries. We have accepted it as a problem but we also hope that Microsoft will eventually actually utilize the simulation period asked for "Configure number of days to end simulation after" as a period over which the simulation will be running, in smaller threshold sizes and longer periods.

Agree with @Gaurav5kawde that Microsoft needs to implement this feature to make the simulations truly random.

 

A lot of vendors providing attack simulation services are charging less for more features and this is a feature that really makes or breaks attack simulations.

Totally agree. If all employees receive the mail at one moment, it is a guaranteed failure. Will anyone from Microsoft read or reply this, or is it just an end user forum?