Microsoft Confirms: "Sending Simulated Phishing Attacks to Your Employees Is a Must"

Drucker_Quote.pngWell, Microsoft just legitimized the whole new-school security awareness training market.

I'm pleased to note that Microsoft has finally acknowledged that organizations need to send simulated phishing attacks to their employees with the announcement of a new feature called Attack Simulator. Part of its online Office 365 offering, Attack Simulator allows an email admin to send phishing attacks to determine how employees respond.

We consider the addition of Attack Simulator to Microsoft’s online Office 365 offering a win for our industry. In adding this feature, Microsoft has done what it always does: observe the market for innovative companies that create new markets, and then include a ‘checkbox’ feature with limited functionality so that their marketing can say: ‘Yes, we do that’.”

As a leader in Gartner’s Magic Quadrant for Security Awareness Computer-based Training, our mission to enable customers’ employees to make smarter security decisions has now been confirmed as a ‘must'.

Perry Carpenter, KnowBe4’s Chief Evangelist & Strategy Officer commented: “By adding Attack Simulator, Microsoft has acknowledged that simulated phishing and the need to know your users’ susceptibility to social engineering is non-negotiable and a must-have in today’s enterprise and SMB environments.” Perry also noted: “It will be interesting to see if the Company allows third parties to create phishing template libraries, landing pages, and to see how the current functionality compares to that of the market leaders."

Scott Bekker, Redmond Magazine’s Executive Editor remarked, “The simulator is one of a handful of key, near-term security enhancements in the Office 365 roadmap. The attack simulator has the potential to be a very useful proactive defense tool for IT administrators. According to the roadmap, the attack simulator "enables admins to send simulated attacks (10-15 different attack categories including phish, brute force password cracking, etc.) to their end users to determine how they respond to attacks and determine if the right policies are in place to help mitigate real attacks.”

KnowBe4 has provided a free Phishing Security Test (PST) for 6 years now, which does a very similar thing to the new Microsoft offering. Attack Simulator shows the phish-prone percentage of an organization’s employees, so that a real program can be put in place to manage the ongoing urgent problem of social engineering attacks. Sending users an occasional phishing test provides just a baseline understanding and is only the start of a functional security awareness training program.”

According to a report from Gartner in September 2017, three key elements form a successful security educations program: communication and education on security tactics, knowledge of your users and pervasive communication. An attack simulator is a good place to start. Coupled with a personalized training program with regular updated and fresh content, users can strengthen and organization’s last line of defense.

So, How To Create A Security Culture?


IT pros don’t exactly know where to start when it comes to creating a mature security awareness program that will work for their organization. We’ve taken away all the guesswork with our new Automated Security Awareness Program (ASAP).


  • 15-25 questions depending upon answers
  • Suggested training materials based on answers
  • Choose and change your program start date and tasks
  • Calendar and list view of tasks
  • Dashboard with program status, % complete, tasks overdue, etc.
  • Detailed and summary exportable PDF versions of your program
  • Fully mature awareness program ready in 10 minutes

If you do not have a KnowBe4 account yet, (free or paid) find out what YOUR program will look like. There is no cost… Start ASAP!

Get Started Now

Don't like to click on redirected buttons? Cut & paste this link in your browser:

PS: If you’re a current KnowBe4 customer, just login to your console, click on ASAP at the top right and get started!

Topics: Phishing

Subscribe to Our Blog

Comprehensive Anti-Phishing Guide

Get the latest about social engineering

Subscribe to CyberheistNews