You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: defender-office-365/attack-simulation-training-get-started.md
+17-2Lines changed: 17 additions & 2 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -19,7 +19,7 @@ ms.custom:
19
19
- seo-marvel-apr2020
20
20
description: Admins can learn how to use Attack simulation training to run simulated phishing and password attacks in their Microsoft 365 E5 or Microsoft Defender for Office 365 Plan 2 organizations.
21
21
ms.service: defender-office-365
22
-
ms.date: 12/04/2024
22
+
ms.date: 02/04/2025
23
23
appliesto:
24
24
- ✅ <a href="https://learn.microsoft.com/defender-office-365/mdo-about#defender-for-office-365-plan-1-vs-plan-2-cheat-sheet" target="_blank">Microsoft Defender for Office 365 Plan 2</a>
25
25
---
@@ -54,12 +54,27 @@ Watch this short video to learn more about Attack simulation training.
54
54
-**Global Administrator**¹
55
55
-**Security Administrator**
56
56
-**Attack Simulation Administrators**²: Create and manage all aspects of attack simulation campaigns.
57
-
-**Attack Payload Author**²: Create attack payloads that an admin can initiate later.
57
+
-**Attack Payload Author**²: Create attack payloads that an admin can initiate later.
58
+
-**Security Operator and Security Reader**³: View all aspects of attack simulation campaigns.
58
59
59
60
> [!IMPORTANT]
60
61
> ¹ Microsoft recommends that you use roles with the fewest permissions. Using lower permissioned accounts helps improve security for your organization. Global Administrator is a highly privileged role that should be limited to emergency scenarios when you can't use an existing role.
61
62
>
62
63
> ² Adding users to this role group in [Email & collaboration permissions in the Microsoft Defender portal](mdo-portal-permissions.md) is currently unsupported.
64
+
>
65
+
> Members of Attack Payload Author have the following limitations in attack simulation training:
66
+
>
67
+
> - They can't create or edit simulations, training campaigns, simulation automations, or payload automations.
68
+
> - They can't change global settings.
69
+
> - They can't change content (for example, notifications), but they can change payloads.
70
+
> - They can't view tenant simulation reports, aggregate reports, simulation automation records, or payload automation records.
71
+
>
72
+
> ³ Members of Security Operator and Security Reader have the following limitations in attack simulation training:
73
+
>
74
+
> - They can't create or edit simulations, training campaigns, simulation automations, or payload automations.
75
+
> - They can't change global settings.
76
+
> - They can't change content (for example, tenant payloads or notifications).
77
+
> - They can access data through read APIs with user scope, but they can't use write APIs.
63
78
64
79
Currently, [Microsoft Defender XDR Unified role based access control (RBAC)](/defender-xdr/manage-rbac) isn't supported.
0 commit comments