Phishing Awareness Training for Office 365

Microsoft provide Phishing Awareness Training for Office 365 (delivered in partnership with Terranova Security).

Phishing Awareness Training is part of the Microsoft Defender security suite and is one of the many reasons that make Microsoft a compelling choice when it comes to security – if you weren’t already aware, Microsoft are leaders in 5 Gartner Magic Quadrants for security!

Phishing Awareness Training for Office 365 is called ‘Attack Simulation Training’ and is available in the Microsoft 365 Defender portal. It allows you to test your users’ awareness of this common scamming technique and provides learning tools to help them upskill.

Required Licensing to use Phishing Awareness Training for Office 365

Attack Simulation Training is included in the Microsoft Defender for Office 365 Plan 2 licence and is bundled with the following:

  • Microsoft 365 E5
  • Office 365 E5
  • Business Premium
  • Microsoft 365 E5 Security (add-on)
  • Microsoft 365 F5 Security (add-on)
  • Microsoft 365 F5 Security & Compliance (add-on)

Set up Phishing Awareness Training for Office 365

This article won’t go into the finer detail of how you set up the phishing awareness training ‘campaign’, but you should find it straightforward. You’ll find Attack simulation training under the ‘Email & collaboration’ section.

From there you can launch a one-time campaign from the ‘Simulations’ tab, or an ongoing one from the ‘Simulation automations’ tab:

The wizard will take you through the setup process. There are several phishing techniques that can be used:

These techniques come with ‘payloads’ (or emails) used to trick users into giving up personal information such as credentials, or into triggering malware. You can also create your own payloads.

You’ll then select your target users, launch dates, and run times, as well as assign training modules.

What does Phishing Awareness Training for Office 365 look like for your users

It all starts with an email (payload) to trick your users. Here’s an example:

In this example (there are many based on the chosen payload), if the user follows the sign-in link, they will be presented with a typical-looking Microsoft sign-in page where they can enter their username and password!

And if they do, they will be presented with the following message that lets them know they could have been phished. If you assigned training, they have the option to view that too:

Training reminders are also sent to the user’s inbox. The reminders also come with a handy calendar attachment (.ics file) that allows them to quickly schedule the training in their calendar:

 

Phishing Awareness Training for Office 365 assignments

When you click through to complete the training you will be presented with a list of assignments.

Phishing Awareness Training for Office 365 modules

The following are a couple of examples of the training modules that users are taken through.

Example 1 – Mass Market Phishing

Example 2 – Web Phishing

Reporting

 

Andrew Morpeth
https://ucgeek.co/author/amorpeth/
Andrew is a Modern Workplace Consultant specialising in Microsoft technologies based in Auckland, New Zealand; Andrew is a Director and Professional Services Manager at Lucidity Cloud Services and a Microsoft MVP.


6 COMMENTS

  1. Hi, but is it enough that the admin sending the campaign has a license (type E5) or do all users need to have a license enabled?
    All our users have a Business Premium, if I assign myself an E5 should I be able to start the companion?
