Attack simulation training public preview now open to all E3 customers

Published Nov 10 2020 09:17 AM 18.8K Views

At Ignite 2020, we announced the public preview of Attack simulation training in Microsoft Defender for Office 365. Delivered in partnership with Terranova Security, Attack simulation training is a premium feature available to Microsoft Defender for Office 365 P2, Microsoft 365 E5 and Microsoft Security E5 license holders. It empowers customers to detect, analyze and remediate phishing risk across their users. Today, we are opening the full public preview of Attack simulation training to all Microsoft 365 E3 and E5 customers to discover, quantify, and remediate social engineering risk across users. After Attack simulation training becomes generally available, all E3 customers will retain access to a trial version of the product which will include a smaller subset of capabilities.




In the new world of work, remote employees are crucial cybersecurity decision-makers. Empowering them with information and training is even more important now. Additionally, attackers have used the anxiety generated by COVID-19 and current events to increase the frequency and sophistication. Our customers need effective training that is fast and simple to deploy. Attack simulation training automates intelligent phishing simulations, targeted training and rich analytics to help our customers manage social engineering risk in the new world of work.


What is Attack Simulation Training (public preview)?

Attack simulation training empowers customers to accurately detect risk by phishing employees using constantly-updated real phish templates, with granular, context-specific targeting. Automated simulation creation, payload attachment, user targeting, schedule and cleanup simplify the process for Security Administrators. Rich reporting and analytics helps customers quantify social engineering risk and remediate it intelligently through strategic training programs. Metrics like coverage and completeness, training effectiveness and predicted compromise rate measure true behavior change and risk reduction. Terranova Security’s industry-leading phish training content reinforces the human firewall through hyper-targeted security training, designed to cater to diverse learning styles, available in 12+ languages and accessible to the highest standards.



Where can customers access Attack Simulation Training (public preview)?

Access the public preview of Attack simulation training in Microsoft Defender for Office 365 on your M365 Security and Compliance Center dashboard.

What happens after Attack simulation training is Generally Available? After Attack simulation training is Generally Available, E3 customers will retain access to a subset of core capabilities.









New Contributor

Are you able to schedule regular campaigns? We are able to schedule one off attacks, but it would be nice to be able to have a regular campaign that used multiple variants. Right now we have to go in every two weeks and set up a new one.


Love the training for phished users, had many tell me that it was very useful information.

Senior Member

Not working for me, an EDU customer with A3 licensing (equivalent to E3).  Says I don't have access to the page.

Frequent Contributor

Is it possible to give an update for the education tenants. I am getting the same error as @chris-hse 

Valued Contributor

Thank you @RukmaSen for sharing, I am very excited.


Thank you @Reza_Ameri-Archived 


@cjohnston At the moment you can only schedule one template within a campaign, but we have heard of the need for multiple templates and will definitely consider it when we are developing the product roadmap. As for scheduling, admins are able to schedule campaigns for any date and time they choose and enable time-zone aware delivery as well. 

Occasional Contributor

Here is my #1 issue with the attack simulator and I'm on my second ticket opened with Microsoft. 


For the life of us, we can't get the reporting to work for someone who has opened an attachment. The attack type is "Social Engineering  Link to Malware".  The user opens the attachment but the reporting only shows that they clicked the link.


Example attached. Zero users have opened the attachment.  This is not accurate because I've sat with a user and watched them open the attachment.Attachments.JPG



New Contributor

I'm having great problems trying to target staff with a simulation. Initially when trying to target all staff the simulation never moves past scheduled, even days later. I cut down the number of targets and rather than asking simulation to start immediately scheduled a time later today. That time has passed and status just says failed. No indication why it failed which really is useless. I appreciate this is in preview but right now it's not a service I'd be looking to purchase. Is it possible to find some more detailed information about job statuses, why failures occur and why they regularly don't move from scheduled?

Occasional Contributor

Is there a way to send someone the training if they delete the original training email? In other words, is there a URL to the training page?

New Contributor

I think you can just direct users here @Michael Platt


Regular Visitor

Would love to see this feature available on Microsoft 365 Business Premium license.

Senior Member

As i understand you require an E5 license or an Office 365 ATP (plan 2) to setup simulated attacks in the Security and Compliance center but do users in your organisation who you are targeting also need an E5 license or an Office 365 ATP (plan 2) or is it only the people who are setting up the simulated attacks who need it?

Senior Member

Will this be available for GCC ? We get an error when launching the simulation website " Service Unavailable in your tenant."

Version history
Last update:
‎May 11 2021 03:44 PM
Updated by: