hands-on lab

Running Simulated Phishing Attacks with Attack Simulation Training in Microsoft Defender for Office 365

Beginner
Up to 1h 15m
234
5/5
This lab is currently under maintenance. You can start the lab, but some instructions and screenshots may be inaccurate. We are actively working to resolve this issue and we apologize for any inconvenience.

Microsoft has currently disabled new registrations for the MS 365 Dev program. For the time being, please treat the lab as read-only or bring your own MS 365 account. Our team is currently working on an update, thank you for your understanding.

Get guided in a real environmentPractice with a step-by-step scenario in a real, provisioned environment.
Learn and validateUse validations to check your solutions every step of the way.
See resultsTrack your knowledge and monitor your progress.
Lab description

Microsoft 365 Defender is a suite of defense tools used to detect, prevent, investigate and respond across various surface areas in your Microsoft 365 environment. This includes endpoints, identities, email, and applications.

Attack Simulated Training in Microsoft Defender for Office 365 is a Breach and Attack Simulation (BAS) tool in the Microsoft Defender Portal that lets you test your organization's security practices with realistic and sophisticated attack scenarios. Microsoft let you run these simulations to help you find vulnerable users before a real attack can cause damage to your organization.

In this lab, you will launch a simulated phishing cyber-attack to see how sophisticated and realistic attacks work in real-world conditions. 

Note: Due to this lab requiring the creation of a Microsoft 365 organization with an Admin Center, if you don't already have one you will need to provide a mobile phone number to pass the account creation process.

Learning Objectives

Upon completion of this lab, you will be able to:

  • Launch a sophisticated, realistic phishing attack simulation (campaign) on your organization to identify and train vulnerable users

Intended Audience

  • Security engineers who are interested in identifying users in their organization that are vulnerable to attacks such as phishing
  • Students interested in extending their SC-200 (Microsoft Security Operations Analyst Certification Exam) knowledge

Prerequisites

Familiarity with the following is recommended:

  • Microsoft 365 Admin Center
  • Microsoft Defender 365 Portal

Environment before

Environment after

About the author
Avatar
Adil Islam, opens in a new tab
Cloud Labs Developer
Students
7,979
Labs
39
Learning paths
1

Adil is a Microsoft Certified Trainer, former Azure Engineer, and loves all things Azure. He is a certified Azure Administrator and Azure DevOps Expert and has worked for some of the biggest MSPs in the world (Cognizant, New Signature, CoreAzure). He loves to combine his two passions: cloud and teaching.

Adil specializes in Azure Infrastructure services and has a curiosity for new, in-preview services from Azure, getting his hands familiar with the content before most of the world does. Outside of work, Adil helps run a growing community of IT professionals looking to break into the cloud and regularly runs workshops and webinars.

Covered topics
Lab steps
Setting Up A Microsoft 365 Developer Account
Launching a Simulated Attack Using Attack Simulation Training
Assessing the Phishing Campaign