Attack Simulation Training is an intelligent social engineering phish risk reduction tool that measures behavior change and automates the deployment of an integrated security awareness training program across an organization. It is available with Microsoft 365 E5 or Microsoft Defender for Office 365 P2 plan, and we also have a special teaser version available with Microsoft 365 E3.
We are excited to announce the release of Attack Simulation Write API functionality, a powerful tool for improving your organization's defense to phishing messages. This new API, available in beta, is part of Microsoft's Graph API suite and offers a range of new features and functionality. The highlights in this release are the ability to create and manage simulations directly through the API. It builds on our previous version of read APIs, providing organizations & partners with even more control and flexibility when it comes to simulating potential attacks on their systems.
Key benefits of this API are:
The API documentation can be found on Microsoft Learn.
Please note that certain properties are currently under development and will take on default settings when creating a new simulation. These include the default GitHub login page, Microsoft recommended training with a due date of 7 days after the simulation ends, Microsoft Landing Page Template 1, and default display of payload indicators in emails. No end-user notifications will be sent by default.
Upcoming functionalities include creating a new simulation using OAuth technique, customization of training, login page, landing page, payload indicators, and end-user notifications when creating a new simulation, and the ability to create and edit simulation automation.
With the updated set of features, the attack simulation API is more powerful and versatile than ever before. With access to user data, security data, device data, collaboration data, and other data types through the Microsoft Graph API, Security Administrators can create effective phishing simulations to identify vulnerabilities and improve the organization's overall security posture.
The Microsoft Graph Security API is usually accessed in one of the following ways:
More information on authentication and authorization basics for Microsoft graph can be found here.
To access Attack Simulation Training via Microsoft Graph APIs:
For more detailed information about security authorization, please see Authorization and the Microsoft Graph Security API.
Additionally, MSPs & CSPs will require obtaining least-privileged and time-bound access to Attack Simulation Azure AD roles with GDAP in order to manage their customers’ tenants (Granular delegated admin privileges).
Sample Powershell scripts:
To help Security Administrators quickly test out the attack simulation API, sample PowerShell scripts are available. These scripts cover two popular scenarios:
Please note that these scripts are only intended for testing purposes and should not be used in production environments.
While the APIs are in Beta, please do expect changes, enhancements, and improvements leading into General Availability. We look forward to continuing to improve and develop our API in the future. We are excited to see how you will take advantage of these new capabilities and look forward to your feedback.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.