Attack Simulation Training: User tags based targeting in simulations - now live!
Published Feb 03 2022 12:56 PM

Attack Simulation Training is an intelligent phish risk reduction tool that measures behavior change and automates the design and deployment of an integrated security awareness training program across an organization.


We have heard from customers about the requirement to run targeted simulations against a certain section of the organization, such as priority accounts. Today, we are very excited to announce the general availability of the user tags-based targeting capability in Attack Simulation Training.


User tags are identifiers for specific groups of users (for example, priority accounts) in Microsoft Defender for Office 365. For more information, see User tags in Microsoft Defender for Office 365. Once you apply system tags or custom tags to users, you can use those tags as filters within alerts, reports, and investigation experiences. Going forward, you can also leverage these tags directly within the simulation creation experience. Organizations can use this capability to run targeted simulations against a specific group of users defined by pre-defined tags (such as priority accounts or others) and even set up simulation automations targeting these accounts at a specified frequency!


You will find this capability within the simulation creation experience at the ‘Target users’ step. Clicking on ‘Add users’ brings up a fly-out menu where the user tags are exposed directly.




You can select some or all of the user tags and, in turn, the users that these tags have been assigned to. In a matter of a few clicks, you can now run targeted simulations against these users. This capability is also available within the simulation automation experience, which can be used to run periodic simulations to understand user susceptibility.


In addition, the simulation creation experience already offers a diverse set of options for targeting users, such as:

  • Seamless integration with Azure Active Directory, which makes it amazingly simple to target the whole enterprise or specific users and groups from Azure AD.
  • CSV-based imports to support organizations that prefer to use a flat file with a list of users to target in simulations.

You can find more detail on the various options to target users in a simulation here.


We hope you find the updates useful as you continue your journey of end-user education and behavior change. If you have any comments or feedback, do let us know.


Try out Attack simulation training and learn how to get started in Microsoft Defender for Office 365!
