Welcome to part 1
In my introduction to this series, I stressed the importance of training and testing users. I was planning to start the series with Zero Trust strategy and build on that, but since I wrote about training and testing last time, I decided to start with attack simulation training. I also wanted to start with something that I think is fun.
“Attack simulation training enables Microsoft 365 E5 or Microsoft Defender for Office 365 Plan 2 organizations to measure and manage social engineering risk by allowing the creation and management of phishing simulations that are powered by real-world, de-weaponized phishing payloads. Hyper-targeted training, delivered in partnership with Terranova security, helps improve knowledge and change employee behavior.”
We will be sending an email to a user as a test. The email is from a fictitious, malicious actor. The target is Mr. Malware Link (ML). The email will contain a link that the actor is hoping ML will click on. If ML clicks the link, it will open an attachment from a file sharing site such as Dropbox or SharePoint. The attachment contains malicious code that will be installed on ML’s machine.
You must be assigned one of the following roles:
- Global Administrator
- Security Administrator
- Attack Simulation Administrators: Create and manage all aspects of attack simulation campaigns.
- Attack Payload Author: Create attack payloads that an admin can initiate later.
From the Microsoft 365 Defender home page, launch “Attack simulation training”.
Click “Launch a simulation”.
Type a name and description.
Search for and select “You filled out and signed a document”. Confirm that the language is correct.
You can include all users in the organization or specific groups.
Select the training content preference dropdown and choose “Microsoft training experience (Recommended)”.
Select a training due date from the dropdown. I chose 7 days.
Landing page preference:
Choose “Use Microsoft default landing page”.
Landing page layout:
Choose “Microsoft Landing Page Template 2”. Click “Open preview panel” to see the email to be sent.
Add a logo.
(I always check “Add payload indicators” if it is available).
Select end user notification.
Select “Microsoft default notification (recommended)”.
Select your default language.
Choose “Deliver during campaign” for this, but you may want to deliver when your campaign is over so users don’t alert each other. Get your help desk ready to field some calls.
Choose “Launch this simulation as soon as I’m done”.
Configure number of days to end simulation (2-30).
Check “Enable region aware timezone delivery”.
Click next, review and click submit.
You can check status on the Microsoft 365 Defender homepage.
Mr. Malware Link received an email! Let’s see what happens in part 2. Stay tuned.