Announcing Attack Simulation Training in Microsoft Defender for Office 365

Published Sep 23 2020 11:50 AM

We are excited to announce that Attack Simulation Training in Microsoft Defender for Office 365 enters public preview today, empowering our customers to detect, quantify and reduce social engineering risk across their users. To watch the announcement and see the product in action, tune into our session at Ignite 2020.



Users falling prey to phishing is still one of the most common, impactful risks facing our customers today. Good technology stops most phishing attacks before they ever reach inboxes, but no technology can stop 100% of phishing attacks. Your employees are a crucial line of defense.  

Attack Simulation Training in Microsoft Defender for Office 365 is an intelligent social engineering risk management tool that empowers all your employees to be defenders. Using real phish to emulate the attacks your employees are most likely to see, it delivers security training tailored to each employee’s behavior in simulations. It automates the design and deployment of your security training program, saving resource-strapped security teams time and resources. Innovative metrics like predicted compromise rate and training effectiveness quantify social engineering risk across the organization and enable strategic remediations. Engaging and context-aware security training, delivered through our partnership with Terranova Security, reduces risky behavior.



Today we are launching three capabilities in public preview: intelligent simulations, actionable insights, and impactful security training.  


Emulate real threats with intelligent simulations  

Intelligent simulations automate simulation and payload management, user targeting, scheduling and cleanup. The security admin can launch a simulation with a click of a button in the Attack Simulation Training tab in Microsoft 365 Security Center.



Following the simple steps outlined in the workflow, the admin can pick from 4 different social engineering techniques and select the phish template from a list of real phish templates seen in their tenant. Optionally, if the admin prefers, they can upload their own template as well, and then select the users to whom the simulation will be sent.  





The admin can then assign training tailored to a user’s behavior in the simulation. Microsoft recommends training to assign based on learning pathways and our intelligence into which training is effective for which kinds of behavior. The admin can also choose to assign training themselves. For example, an admin may choose to assign 3 trainings to users who were compromised in the simulation but only 2 to those who clicked and 1 to all users. The landing page on which the end user will land to access this training is wholly customizable for the look and voice of your brand. Finally, the admin has the option to schedule the simulation to launch right away or at a later time, which can be customized by recipient time zone.




Reinforce your human firewall with impactful training  

Terranova Security’s huge library of phish training content enables personalized and highly specific training targeting based on susceptibility score or simulation performance. Nanolearnings, microlearnings, and interactivity cater to diverse learning styles and reinforce awareness. Additionally, all trainings are available in 12+ languages and accessible to the highest standards to meet the needs of Microsoft’s global customers.



When an employee clicks on the phishing link in a simulation, or gives up their credentials, they will be directed to the landing page set up by the administrator. The landing page walks through the indicators of phishing that the employee missed and assigns them training, which can be completed right then within the product or scheduled for later in Outlook calendar. Regular reminders will prompt employees to complete assigned training until it is due.


Analyse social engineering risk across employees with actionable insights

The impact of training can be measured by the training effectiveness metric, which plots your organization’s actual compromise rate in a simulation against Microsoft’s predicted compromise rate. Overlay the dates of training completion and simulations to correlate which trainings caused a drop in compromise rate and evaluate their effectiveness. Gain visibility over your organization’s training completion and simulation status through completeness and coverage metrics and track your organization’s progress against the baseline predicted compromise rate. Every reporting dashboard can be filtered in different ways and exported for reporting.



Attack Simulation Training helps you empower your people to identify and report social engineering attacks. Enable Attack Simulation Training in Private Preview now. To learn more, watch our Microsoft Ignite 2020 session.


Last update: May 11 2021 03:44 PM