Announcement – Updates to the M365 Attack Simulator [EN]

Announcement – Updates to the M365 Attack Simulator [EN]

13/12/2019 – Microsoft has announced several new features in the phish simulation tool. This includes:

• an attachment-based phishing attack
• the ability to filter your simulation user targets by directory metadata like title, city, and department
• the inclusion of IP addresses and client data in the simulation detail report
• Simulation phish message simulations are included in your user phish submission reports 

Attachment Attack

See my previous article

Directory Filtering

Microsoft has added the ability to perform an filtered search of the organization’s directory based on metadata like Title, Department, and City. This allows the simulation administrator to refine target groups based on existing directory data instead of having to manually select those users, leverage CSVs, or create custom directory groups.

So, you will be able to target specific population to reduce your risk of getting phished.

Advanced Reporting Updates

The final feature that Microsoft has made available is the inclusion of detailed client information in the detail report of any given campaign, including username, action performed, datetime stamp, IP address, and client type information.

Outlook Reporting Add-In Integration

Microsoft is also including simulation phish messages in the normal reporting pipeline so that you can now track which of your users has correctly reported phish messages as part of the simulation exercise.  This can be found by navigating to Threat Management–>Explorer–>View Submissions–>User Submissions.