Connect with experts and redefine what’s possible at work – join us at the Microsoft 365 Community Conference May 6-8. Learn more >

Attack Simulation Training

31 Topics

Attack Simulation - Copy to SOC Mailbox
Hello Community! Currently we are using Knowbe4 to simulate phishing campaigns. We are evaluating the Microsoft E5 Attack simulation. One problem that I cannot figure out with the MSFT version is as follows: I have the SOC mailbox setup to send phishing emails to a shared mailbox for triage (I have it setup to not forward to Microsoft) When I create an attack simulation, and folks report the phish, I still get a copy of it in the phishing mailbox (I send these out monthly to thousands of people so I would prefer not to have a copy) I have looked at the email headers, and there is nothing in them that I can create a custom rule for. Has anyone been able to filter out attack simulation emails, while still receiving normal user reported emails in the SOC mailbox? Any advice appreciated. Em
EmiliePhishing
Mar 03, 2025 Place Microsoft Security
35Views
1like
0Comments
End user email notifications are now customizable - Part 2
Announcing new Attack Simulation Training customizations for email notifications
Richa_Sharma
Oct 22, 2024 Place Microsoft Security Blog
6.6KViews
3likes
4Comments
Training Campaigns: not all members invited AND newly created only in Scheduled State
we have started last week a training campaign (12 modules) and imported the targets via TXT-File ~ 4.200 Users via Email Address. the Preview showed the correct user-amount, but once the campaign was "running", the users were reduced to 3.462. Some people, who are not shown in the campaign nor received the mail with the trainings, are able to login via the generic link (https://security.microsoft.com/trainingassignments) and can see / run the assigned modules, but some get an empty list. to cover the "lost" accounts, we created a second training campaign with the same targets yesterday (repeated over is configured to 365 days), but the campaign won't leave the "scheduling" state. for testing purpose, we created a training with "fresh" modules (never used) and assigned only 2-3 users, but campaigns still won't change from "scheduled" to "running" or whatever status it should be. we faced an issue with one training module (phish by phone): in German, it only shows a grey-window, but no player starts. Debugger shows some 404 / 403 errors when loading the module. when we try the same module in EN, we get some error messages, but the course starts properly and people are able to "complete" it. for this specific issue, we already opened a ticket, but it would be interesting, if the "campaign state = scheduled" is a "global issue" or an undocumented limitation. as far as we see, we should not reach any limitation. michael
Solved
m2kAT
Aug 20, 2024 Place Microsoft Security
529Views
0likes
3Comments
Block standard C:\Users\%User%\AppData\Local\Microsoft\WindowsApps Path environment variable
Hello togehter, for security reasons I like to block (GPO?) / delete the standard Windows-path-enviroment variable: C:\Users\%User%\AppData\Local\Microsoft\WindowsApps First of all: Does it make sense to do this? I want to exclude a case that some user / unwanted software are copied here by attackers. Thanks a lot Kevin
KBraun94
Jun 02, 2024 Place Microsoft Security
1KViews
0likes
1Comment
Customize login pages in Attack Simulation Training
We are pleased to announce that custom login page is now customizable where admin can customize login page as per the theme of the payload for Credential Harvest and Link in Attachment technique.
Richa_Sharma
May 21, 2024 Place Microsoft Security Blog
9.5KViews
2likes
3Comments
Attack Simulation Training & Manager Notifications
New to Attack Sim, but have a question about notifications, specifically how to notify a user's manager if they fail a phishing sim and if they haven't completed the enrolled training. Does anyone know if this is possible? Anyone doing this?
CChristensen1672
Apr 19, 2024 Place Microsoft Security
361Views
0likes
0Comments
Attack Simulation Training - external tag
I am testing the Attack Simulation Training. I noticed on the phishing email I received, that the "External" tag that Outlook assigns was missing. That would be a red flag for many people. Is there a way to make this more realistic and have the External tag? Attack Simulation Training
JG-Burke
Apr 09, 2024 Place Microsoft Security
50KViews
0likes
6Comments
Setting up a New Phish Simulation Program - Part Two
This blog is part two of a two-part series on developing a security awareness training program for your organization. Part one can be found here.
Brandon Koeller
Jan 23, 2024 Place Microsoft Security Blog
7.4KViews
4likes
2Comments
Attack Simulation Training: User tags based targeting in simulations - now live!
Attack Simulation Training can now target simulations to users with pre-defined user tags in Defender for Office 365.
Gopal-MSFT
Jan 18, 2024 Place Microsoft Security Blog
6.1KViews
2likes
5Comments
The Attack Simulation Training landing page is now customizable
Announcing availability of a new Attack Simulation landing page experience!
Richa_Sharma
Dec 05, 2023 Place Microsoft Security Blog
14KViews
4likes
8Comments