Update: As of October 31, 2023, the status of the 'Create Simulation Graph' API has changed from beta to v1 (General Availability). Learn more
Attack Simulation Training is an intelligent social engineering phish risk reduction tool that measures behavior change and automates the deployment of an integrated security awareness training program across an organization. It is available with Microsoft 365 E5 or Microsoft Defender for Office 365 P2 plan, and we also have a special teaser version available with Microsoft 365 E3.
We are excited to announce the release of Attack Simulation Write API functionality, a powerful tool for improving your organization's defense to phishing messages. This new API is now GA and is part of Microsoft's Graph API suite and offers a range of new features and functionality. The highlights in this release are the ability to create and manage simulations directly through the API. It builds on our previous version of read APIs, providing organizations & partners with even more control and flexibility when it comes to simulating potential attacks on their systems.
Key benefits of this API are:
The API documentation can be found on Microsoft Learn.
What’s new:
With the updated set of features, the attack simulation API is more powerful and versatile than ever before. With access to user data, security data, device data, collaboration data, and other data types through the Microsoft Graph API, Security Administrators can create effective phishing simulations to identify vulnerabilities and improve the organization's overall security posture.
Getting Started
The Microsoft Graph Security API is usually accessed in one of the following ways:
More information on authentication and authorization basics for Microsoft graph can be found here.
To access Attack Simulation Training via Microsoft Graph APIs:
For more detailed information about security authorization, please see Authorization and the Microsoft Graph Security API.
Additionally, MSPs & CSPs will require obtaining least-privileged and time-bound access to Attack Simulation Azure AD roles with GDAP in order to manage their customers’ tenants (Granular delegated admin privileges).
With the authentication and authorization model set-up, you are now ready to access data. You can get started using the Graph Explorer to study requests and responses or use Postman.
Sample Powershell scripts:
To help Security Administrators quickly test out the attack simulation API, sample PowerShell scripts are available. These scripts cover two popular scenarios:
Please note that these scripts are only intended for testing purposes and should not be used in production environments.
While the APIs are in Beta, please do expect changes, enhancements, and improvements leading into General Availability. We look forward to continuing to improve and develop our API in the future. We are excited to see how you will take advantage of these new capabilities and look forward to your feedback.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.