Announcing Attack Simulation Training in Microsoft Defender for Office 365

Published Sep 23 2020 11:50 AM 18.1K Views

We are excited to announce Attack Simulation Training in Microsoft Defender for Office 365 enters public preview today, empowering our customers to detect, quantify and reduce social engineering risk across their users. To watch the announcement and see the product in action tune into our session at Ignite 2020. 



Users falling prey to phishing is still one of the most common, impactful risks facing our customers today. Good technology stops most phishing attacks before they ever reach inboxes, but no technology can stop 100% of phishing attacks. Your employees are a crucial line of defense.  

Attack Simulation Training in Microsoft Defender for Office 365 is an intelligent social engineering risk management tool that empowers all your employees to be defenders. Using real phish to emulate the attacks your employees are most likely to see, it delivers security training tailored to each employee’s behavior in simulations. It automates the design and deployment of your security training program, saving the resource-strapped security teams time and resources. Innovative metrics like predicted compromise rate and training effectiveness quantify social engineering risk across the organization and enable strategic remediations. Engaging and context-aware security training, delivered through our partnership with Terranova Security reduces risky behavior. 



Today we are launching three capabilities in public preview: intelligent simulations, actionable insights, and impactful security training.  


Emulate real threats with intelligent simulations  

Intelligent simulations automate simulation and payload management, user targeting, schedule and cleanup. The security admin can launch a simulation with a click of a button in the Attack simulation Training tab in Microsoft 365 Security Center.  



Following the simple steps outlined in the workflow, the admin can pick from 4 different social engineering techniques and select the phish template from a list of real phish templates seen in their tenant. Optionally, if the admin prefers, they can upload their own template as well, and then select the users to whom the simulation will be sent.  





The admin can then assign training tailored to a user’s behavior in the simulation. Microsoft recommends training to assign based on learning pathways and our intelligence into which training is effective for which kinds of behavior. The admin can also choose to assign training themselves. For example, an admin may choose to assign 3 trainings to users who were compromised in the simulation but only 2 to those who clicked and 1 to all users. The landing page on which the end user will land to access this training are wholly customizable for the look and voice of your brand. Finally, the admin has the option to schedule the simulation to launch right away or at a later time, which can be customized by recipient time-zone.  




Reinforce your human firewall with impactful training  

 Terranova Security’s huge library of phish training content enables personalized and highly specific training targeting based on susceptibility score or simulationperformance. Nanolearningsmicrolearnings, and interactivity cater to diverse learning styles and reinforce awareness. Additionally, all trainings are available in 12+ languages and accessible to the highest standards to meet the needs of Microsoft’s global customers.  



When an employee clicks on the phishing link in a simulation, or give up their credentials, they will be directed to the landing page set up by the administrator. The landing page walks through the indicators of phishing that the employee missed and assigns them training, which can be completed right then within the product or scheduled for later in Outlook calendar. Regular reminders will prompt employees to complete assigned training until it is due.  


RukmaSen_4-1600804255755.pngAnalyse social engineering risk across employees with actionable insights  

The impact of training can be measured by the training effectiveness metric, which plots your organization’s actual compromise rate in a simulation against Microsoft’s predicted compromise rate. Overlay the dates of training completion and simulations to correlate which trainings caused a drop in compromise rate and evaluate their effectiveness. Gain visibility over your organization’s training completion and simulation status through completeness and coverage metrics and track your organization’s progress against the baseline predicted compromise rateEvery reporting dashboard can be filtered in different ways and exported for reporting 



Attack Simulation training helps you empower your people to identify and report social engineering attacks. Enable Attack Simulation Training in Private Preview now. To learn more, watch our Microsoft Ignite 2020 session 


Regular Visitor

Will there be a way to export the reports via an API?

New Contributor

Okay, let me get this right...


This feature is now for Microsoft Defender for Office 365, which used to be called Office 365 ATP, which is part of M365 Business Premium.

Assuming this refers to Plan 1 and not Plan 2 (who knows what the difference is), why am I being told I need an MDATP licence to access the URL in the demo above?


Has anyone ever told you your product set is way too complicated?

Occasional Contributor

How often are training reminders sent? Is it logged anywhere that these reminders are sent?


@Fahad Shaikh  Not just yet, but we know this is an important requirement and will be releasing this very soon. Stay Tuned! 

Senior Member

Few important questions:
- are payload available in different languages? I see them in English (and I love the amount available <3) and I see there are none available in polish.

- if other languages are there - how can we choose them? In the old attack sim the payload language was determined by admin who was launching simulation - which was terrible (i can only send simulations to users using the same language). Is there / will there be an option to choose payload language? Or maybe it would be determined based on user selected language? 

- I see you can create your own payloads with sms or teams message as attack surface - however I cannot choose those. Is this unavaialbe at the moment but coming sometime in the future?

- I know the trainings are in 12+ languages - are any other coming as well?

Occasional Visitor

Same question as @KubaBorkowski, we have the need to provide phishing training in multiple languages but I do not see how I can select payloads in other languages and I am having difficulty finding training to do so.  And are the other languages only available for the payloads, or are the trainings also available in other languages?

Senior Member

Hi any update on language option? 

New Contributor

I also got the same question as others around payload languages, i can not seem to get anything other than French :smile:

Occasional Visitor

@KubaBorkowski @rajubabu @Sigmund Brandstaetter 


I just wanted to get in and let everyone who has been asking about languages know what I've just found out with a meeting with Microsoft.


According to them, the trainings will automatically translate into one of the 33 languages that they supported.  This automatic translation is based on the user's language setting in Microsoft 365.  If the user's language setting is not one of the 33 supported languages I believe it automatically defaults to English.


For the payloads, they do not currently automatically translate them.  They tried machine translating, it did not accurately translate the emails, so they are working on having people translate them one at a time.  There is no timeline on when this will be done.


Also for payloads, some payloads are in different languages and they didn't originally have a way to filter them by language, but they are just about to push an update that will allow you to filter a phishing payload by language.  They don't have phishing payloads in all 33 languages however, because the payloads are actual phishes that have been recycled, and 80% of all phishes are in English.


Just wanted to let others in on this knowledge, hopefully it helps everyone! :)

New Contributor

@AndreaBohn Thanks, however, in my case the payload email text is in French - All my systems settings are US English. I don't have a problem reading French since i learned it in school, but I am based in the Philippines, French isn't really a thing here :lol:

Still trying to see if there is anything i can modify here, i found that not all are in French so I can work around this for the time being or just probably use custom text.

Senior Member

@AndreaBohn Thanks! Seems like polish isnt included in the 33 languages :(

As for the payloads - I dont think this is a big issue, you can always make a copy of an existing one and translate it yourself :) 

Occasional Visitor

@RukmaSen great work. When will the Teams and SMS options become available? As @KubaBorkowski mention previously, they appear but can not be selected.

Occasional Contributor

@RukmaSen When a user reports a message from a phishing campaign is there a way to display a message saying "You have passed" or "Congratulations" ?


I've heard others mention this but not sure if was a third part tool.

Senior Member

Hi, is this available for GCC? We get an error of "Service Unavailable on you tenant"

New Contributor

Is it possible to send the training reminder mail in different languages?

Occasional Contributor

I have raised a support case with Microsoft (Case #:26254527). The case was closed and resolved as a bug thus why I'm posting this here.


To summarize, we have users who have completed all their assigned training but still constantly get the email notification from saying they have not completed the training.


Any help to fix this issue would be great appreciated.

Version history
Last update:
‎May 11 2021 03:44 PM
Updated by: