MS 365 Defender - phishing attack simulator payload

Copper Contributor

Not sure if this is the right place to post my question, so apologies upfront. 


My issue: I have been tasked with utilizing the phishing attack simulator in Defender. I am horrible at creating phishing emails (I suck at coding). I like it the attack simulator, it's a great tool. Though, I do wish there were better, more visually enticing payloads, or ones that a crafted a bit better to look more like spoofs or closer to some of the more effective real-world phish attempts I have seen. Even better, have a larger library that users can contribute to and share? 


My questions: 

1 - When editing/creating a payload, there are options of Current Event and Controversial. The documentation on does not go into any detail as to what this means, it just lists the possible values of Yes or No. What do these values mean?

2 - There are rather limited number of phishing payloads, particularly when filtered to certain kinds like Malware Attachement and so forth. Are there any updates to the payloads, broader library, or some kind of community repository to share custom payloads? 

2 Replies
If your goal is to have "real-life" examples of payloads targeting your tenant, and reuse them for simulations later on, take a look at the payload harvesting feature:

Excellent, I shall have to try this. Thank you. Do you know what the options Current Event and Controversial are? 


Sadly, I cannot do the harvest feature as my agency is not on that plan. The only things that show up in Automation is Simulation Automations, no Payload Automations. bummer. I have Plan 2, but do not see it.