Send “How-to guides” to your organization from Attack Simulation training

This post has been republished via RSS; it originally appeared at: Microsoft Tech Community - Latest Blogs.

Attack Simulation Training is an intelligent phish risk reduction tool that measures behavior change and automates deployment of an integrated security awareness training program across an organization. It is available with a Microsoft 365 E5 or Microsoft Defender for Office 365 P2 plan.


We are thrilled to announce that Attack Simulation Training now includes an exciting new feature: "How-to Guides" that can be sent to users to give recipients instructions on how to complete important security tasks. This capability is designed to provide lightweight guidance to end users on how to report a phishing message directly through email. By delivering these guides directly to the end user's inbox, we can ensure that the end user has the information they need to confidently report any suspicious emails. This feature can help improve end user participation during phishing message simulations and real malicious attacks by proactively addressing any potential gaps between recognizing malicious messages and reporting them.


This feature is included as a technique within the "Create Simulation" flow and can be customized by admins to best support their organization's needs. At present, we offer one English-language global guide focused on reporting phishing messages using the native report message button in Outlook. However, we plan on releasing more guides in the near future.

Once a user reports a phishing message, they will be marked as having completed this learning moment.


The "How-to Guide" is available as an option during technique selection when creating a simulation campaign



The "How-to Guide" campaign is designed to be a lightweight educational experience that empowers end users to learn how to report potential threats.

Admins can use this capability to configure custom payloads to send regular reminders to users, encouraging them to stay vigilant against malicious messages and giving them regular guidance on how to report phishing messages.

As the "How-to Guide" campaigns are a type of teaching moment, admins will not be able to assign additional training to end-users for this type of campaign.

However, a positive reinforcement message may be included as part of the experience to celebrate users when they successfully report a phishing message.


We are excited to introduce this new capability for admins to help organizations continually engage their end-users on the importance of staying alert against malicious messages and how to report them. With "How-to guides", users can be armed with the knowledge and confidence they need to protect themselves and their organizations from phishing threats.
