Microsoft Entra Suite Tech Accelerator
Aug 14 2024, 07:00 AM - 09:30 AM (PDT)
Microsoft Tech Community
Exciting Feature Updates to Attack Simulation Training
Published Aug 04 2022 01:05 PM 7,395 Views

Attack Simulation Training is an intelligent phish risk reduction tool that measures behavior change and automates the design and deployment of an integrated security awareness training program across an organization.


We have been hearing from a lot of our enterprise customers that payload technique variety is key to any long-term end user behavior change program.  To help facilitate we are pleased to announce two new payload techniques.


Oauth Payload Technique

A steadily growing phishing trend involves phishing emails which attempt to obtain a user's permissions via a hosted application.


Simply clicking on one allow button or hitting enter by mistake can significantly and semi-permanently allow a compromise a user's permissions via OAuth2 or other token-based authorization methods to access Office 365 accounts, to steal users' data.


Targets receive a well-crafted lure asking them to click a link which carries them to the legitimate Microsoft third-party apps consent page.


You can now launch a simulation using this type of technique, at the start of the simulation wizard you can now select it as shown below.

Oauth technique selection methodOauth technique selection method

You will then be given the option to further customize the payload, with a custom application name, image and scope (permissions being requested from the end user).



HTML Attachment Payload Technique

One of our most popular techniques that is used in simulation payloads has undoubtably been the Malware Attachment technique. 


There is now within this technique the ability to specify an alternative attachment type when you are creating your payloads, we now offer support for .docx and .html.


You will find this option on the payload configuration page, accessible via a drop-down menu allowing you to select an attachment type.




Finally, but by no means least we are pleased to announce support for Outlook client native "External Sender" tags.


Outlook External Sender Callouts

There are some built in indicators with Outlook clients that aim to help end users in identifying emails that have been sent into the organization from an external source. These indicators play an important part in your overall end user training and learning experience with regards to helping identify potential phishing emails.


You can now enable the native Outlook external sender callouts in simulation emails you send. To configure, simply navigate to the payload you are intending to use for a given simulation and enable the box highlighted below.




We hope you enjoy using the new features in a simulation. Looking forward to your experience and feedback!


Want to learn more about Attack Simulation Training?

Get started with the available documentation today and checkout the blogs for Setting up a New Phish Simulation Program-Part One and Part Two


Do you have questions or feedback about Microsoft Defender for Office 365? Engage with the community and Microsoft experts in the Defender for Office 365 forum.

Version history
Last update:
‎Aug 17 2022 08:51 AM
Updated by: