Microsoft Secure Tech Accelerator
Apr 03 2024, 07:00 AM - 11:00 AM (PDT)
Microsoft Tech Community
Customize login pages in Attack Simulation Training
Published Jun 02 2022 11:00 AM 7,920 Views
Microsoft

Attack Simulation Training is an intelligent phish risk reduction tool that measures behavior change and automates deployment of an integrated security awareness training program across an organization. It is available with Microsoft 365 E5 or Microsoft Defender for Office 365 P2 plan. As per the previous experience, users were directed to the Microsoft curated credential harvest login page when they fell prey to a Credential Harvest or a Link in Attachment phishing technique but as part of new experience, admin can now customize login page as per the theme of the payload. For example, a LinkedIn themed payload can be mapped with a LinkedIn login page.

We’re pleased to announce that these can now be and customized. Microsoft curated login pages will be available in 12+ languages whereas tenant login page can be created in a language of your choice.

 

How to create or access login page?

It is provided under Simulations Content Library->Login Pages which will be used to create, edit, copy, and delete login pages. Login pages are either Microsoft curated or customized by a customer.

  1. Microsoft curated login page

You can also load these login pages while creating custom login pages as a template to avoid creating it from scratch.

Below are the four Microsoft curated login pages:

  1. Microsoft login page
  2. LinkedIn Login page
  3. GitHub Login page
  4. Non-branded login page

Richa_Sharma_0-1653967699335.png

Image 1: Microsoft curated GitHub login page

 

  1. Custom login page created by a customer (Tenant)

Enables you to tailor the login page to your requirements in 12 languages. For example, include your own branding, next button, compromise button, messaging, HTML code, and more.

Login page can also be customized to create a data collection page like name, address or other information from the end user as per the need. No data is collected by this product once the user submits this information on the login page.

  1. Select a language: Allows you to configure login page in 12 different languages
  2. Mark this the default login This default login page will be mapped to the payloads while creating a simulation.
  3. Create a two-page login: Allows you to create a two-page login page as opposed to one page login
  4. The “code” tab that comes along with the rich text editor can be leveraged for additional sophisticated design requirements using html code.
  5. Dynamic tag: Allows you to choose the users first name, last name, upn, email address date, training count, training due date, training duration, training details and payload. You can prefill the email address of the end user using dynamic tag in the login page. This will display respective users email address in the Email input field.
  6. Use from Default: Allows you to choose four different Microsoft default login pages with predefined formatting and make additional modifications as necessary.
  7. Add compromise button: Allows you to define or add a compromise button for the end user in the login page. Clicking on this button will trigger the compromise action. In case of two-page login, there will be an option to add next button on the first page and compromise button on the second page.
  8. Company Logo/images: The image embedded in the HTML code is base 64 encoded in RTE.
  9. Body: Allows you to create content/text of your choice.
  10. Preview login page: Allows the admin to preview the login page to validate the changes made in the login page.

 

Richa_Sharma_1-1653967699372.png

Image 2: Configure custom login page

 

How to use login page in simulations?

Login page is added to the select payload wizard which is renamed as ‘Select payload and login page’. It allows admin to choose from Microsoft defaults or customized login pages from the Login page tab on the preview page. All the payloads are mapped to the Microsoft default login page initially until admin chooses to map a different login page with the payload.

No credentials are saved in the product when the user submits the credentials in the login page.

 

Richa_Sharma_2-1653967699414.png

Image 3: Select login page in a simulation

 

We hope you enjoy using the custom login page in a simulation. Looking forward to your experience and feedback!

 

Want to learn more about Attack Simulation Training?

Get started with the available documentation today and checkout the blogs for Setting up a New Phish Simulation Program-Part One and Part Two. In addition to these, you can read more details about new features in Attack Simulation Training.

 

2 Comments
Co-Authors
Version history
Last update:
‎Jun 02 2022 09:10 AM
Updated by: