The Microsoft Attack Simulator

The Microsoft Attack Simulator Image

In today's digital age, cybersecurity is more crucial than ever. With cyber threats evolving at an alarming rate, it's vital for organizations to test their defenses against potential attacks.  

This is where tools like the Microsoft Attack Simulator come into play. Designed for Microsoft 365, this powerful tool allows administrators to simulate phishing attacks, brute force attacks, and password spray attacks on their network, helping to identify vulnerabilities and educate employees on the importance of cybersecurity.  

In this article, we'll dive into how the Microsoft Attack Simulator works, guide you through its configuration steps, and conclude with the unique training opportunities offered by Eccentrix9 to maximize your cybersecurity posture. 

The Microsoft Attack Simulator is part of the Microsoft 365 Defender suite, designed to test your organization's defense mechanisms against simulated cyber-attacks. By using this tool, IT administrators can launch controlled attack scenarios that mimic real-life attacks without the actual risk. This proactive approach is invaluable for identifying weaknesses in your security policies and training employees to recognize and respond to malicious attempts. 

Key Features: 

  • Phishing Attack Simulation: Test how well your employees recognize and deal with phishing emails. 

  • Brute Force Password Attack (Legacy): Assess the strength of user passwords against brute force attack attempts. 

  • Password Spray Attack (Legacy): Determine how resistant your network is to password spray attacks, where attackers use common passwords against numerous accounts. 

Configuration Steps 

Before launching a simulation, ensure you have the necessary permissions within your Office 365 environment. You'll need to be assigned the Security Administrator or Global Administrator role. 

Step 1: Accessing the Attack Simulator 

  1. Sign in to the Microsoft 365 Defender portal, the main location where you find countermeasures to online threats in your Microsoft 365 tenant. 

  1. Navigate to Email & collaboration > Attack simulation training. 


Step 2: Creating a Simulation 

  1. In the Attack simulation training dashboard navigate to the Simulations tab and select +Launch a simulation. 

A screenshot of a computer programDescription automatically generated 

  1. Select a technique. In our example, we will use the Link to malware. Click Next once selected. 

A screenshot of a computerDescription automatically generated 

  1. Name the simulation and write short description (optional), then click Next

A screenshot of a computerDescription automatically generated 

  1. In the section Global payloads, choose Payment confirmation status. This is essentially the body of the email that you are selecting here, available to use on your tenant. Click Next when done. 

A screenshot of a computerDescription automatically generated 

  1. For Target users choose the Include all users in my organization radio button. There is a possibility to be more specific as well. 

A screenshot of a computerDescription automatically generated 

  1. In the section Exclude users, click Next if you do not want to exclude users from the selected pool of the previous step. 

A screenshot of a computerDescription automatically generated 

  1. Choose Assign training for me (Recommended) then click Next. This will allow a customized page to show at the end, with proposed training options for the user.