Attack Simulation Training is an intelligent phish risk reduction tool that measures behavior change and automates deployment of an integrated security awareness training program across an organization. It is available with Microsoft 365 E5 or Microsoft Defender for Office 365 P2 plan. As per the previous experience, users were directed to the Microsoft curated credential harvest login page when they fell prey to a Credential Harvest or a Link in Attachment phishing technique but as part of new experience, admin can now customize login page as per the theme of the payload. For example, a LinkedIn themed payload can be mapped with a LinkedIn login page.
We’re pleased to announce that these can now be and customized. Microsoft curated login pages will be available in 12+ languages whereas tenant login page can be created in a language of your choice.
How to create or access login page?
It is provided under Simulations Content Library->Login Pages which will be used to create, edit, copy, and delete login pages. Login pages are either Microsoft curated or customized by a customer.
You can also load these login pages while creating custom login pages as a template to avoid creating it from scratch.
Below are the four Microsoft curated login pages:
Image 1: Microsoft curated GitHub login page
Enables you to tailor the login page to your requirements in 12 languages. For example, include your own branding, next button, compromise button, messaging, HTML code, and more.
Login page can also be customized to create a data collection page like name, address or other information from the end user as per the need. No data is collected by this product once the user submits this information on the login page.
Image 2: Configure custom login page
How to use login page in simulations?
Login page is added to the select payload wizard which is renamed as ‘Select payload and login page’. It allows admin to choose from Microsoft defaults or customized login pages from the Login page tab on the preview page. All the payloads are mapped to the Microsoft default login page initially until admin chooses to map a different login page with the payload.
No credentials are saved in the product when the user submits the credentials in the login page.
Image 3: Select login page in a simulation
We hope you enjoy using the custom login page in a simulation. Looking forward to your experience and feedback!
Want to learn more about Attack Simulation Training?
Get started with the available documentation today and checkout the blogs for Setting up a New Phish Simulation Program-Part One and Part Two. In addition to these, you can read more details about new features in Attack Simulation Training.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.