Create an attack simulation campaign for a tenant.
Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions only if your app requires it. For details about delegated and application permissions, see Permission types. To learn more about these permissions, see the permissions reference.
The following table lists the properties that are required when you create the simulation.
The following example shows a request.
POST https://graph.microsoft.com/v1.0/security/attackSimulation/simulations
Content-type: application/json
{
"displayName": "Graph Simulation",
"[email protected]": "https://graph.microsoft.com/v1.0/security/attacksimulation/payloads/12345678-9abc-def0-123456789a",
"[email protected]": "https://graph.microsoft.com/v1.0/security/attacksimulation/loginPages/1w345678-9abc-def0-123456789a",
"[email protected]": "https://graph.microsoft.com/v1.0/security/attacksimulation/landingPages/1c345678-9abc-def0-123456789a",
"createdBy": {
"email": "[email protected]"
},
"durationInDays": "3",
"attackTechnique": "credentialHarvesting",
"status": "scheduled",
"includedAccountTarget": {
"@odata.type": "#microsoft.graph.addressBookAccountTargetContent",
"type": "addressBook",
"accountTargetEmails": [
"[email protected]"
]
},
"trainingSetting": {
"settingType": "noTraining"
},
"endUserNotificationSetting": {
"notificationPreference": "microsoft",
"settingType": "noTraining",
"positiveReinforcement": {
"deliveryPreference": "deliverAfterCampaignEnd",
"endUserNotification": "https://graph.microsoft.com/v1.0/security/attacksimulation/endUserNotifications/1ewer3678-9abc-def0-123456789a",
"defaultLanguage": "en"
},
"simulationNotification": {
"targettedUserType": "compromised",
"[email protected]": "https://graph.microsoft.com/v1.0/security/attacksimulation/endUserNotifications/12wer3678-9abc-def0-123456789a",
"defaultLanguage": "en"
}
}
}
// Code snippets are only available for the latest version. Current version is 5.x
// Dependencies
using Microsoft.Graph.Models;
using Microsoft.Kiota.Abstractions.Serialization;
var requestBody = new Simulation
{
DisplayName = "Graph Simulation",
CreatedBy = new EmailIdentity
{
Email = "[email protected]",
},
DurationInDays = 3,
AttackTechnique = SimulationAttackTechnique.CredentialHarvesting,
Status = SimulationStatus.Scheduled,
IncludedAccountTarget = new AddressBookAccountTargetContent
{
OdataType = "#microsoft.graph.addressBookAccountTargetContent",
Type = AccountTargetContentType.AddressBook,
AccountTargetEmails = new List<string>
{
"[email protected]",
},
},
TrainingSetting = new TrainingSetting
{
SettingType = TrainingSettingType.NoTraining,
},
EndUserNotificationSetting = new EndUserNotificationSetting
{
NotificationPreference = EndUserNotificationPreference.Microsoft,
SettingType = EndUserNotificationSettingType.NoTraining,
PositiveReinforcement = new PositiveReinforcementNotification
{
DeliveryPreference = NotificationDeliveryPreference.DeliverAfterCampaignEnd,
EndUserNotification = "https://graph.microsoft.com/v1.0/security/attacksimulation/endUserNotifications/1ewer3678-9abc-def0-123456789a",
DefaultLanguage = "en",
},
AdditionalData = new Dictionary<string, object>
{
{
"simulationNotification" , new UntypedObject(new Dictionary<string, UntypedNode>
{
{
"targettedUserType", new UntypedString("compromised")
},
{
"[email protected]", new UntypedString("https://graph.microsoft.com/v1.0/security/attacksimulation/endUserNotifications/12wer3678-9abc-def0-123456789a")
},
{
"defaultLanguage", new UntypedString("en")
},
})
},
},
},
AdditionalData = new Dictionary<string, object>
{
{
"[email protected]" , "https://graph.microsoft.com/v1.0/security/attacksimulation/payloads/12345678-9abc-def0-123456789a"
},
{
"[email protected]" , "https://graph.microsoft.com/v1.0/security/attacksimulation/loginPages/1w345678-9abc-def0-123456789a"
},
{
"[email protected]" , "https://graph.microsoft.com/v1.0/security/attacksimulation/landingPages/1c345678-9abc-def0-123456789a"
},
},
};
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.Security.AttackSimulation.Simulations.PostAsync(requestBody);
For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.
mgc security attack-simulation simulations create --body '{\
"displayName": "Graph Simulation",\
"[email protected]": "https://graph.microsoft.com/v1.0/security/attacksimulation/payloads/12345678-9abc-def0-123456789a",\
"[email protected]": "https://graph.microsoft.com/v1.0/security/attacksimulation/loginPages/1w345678-9abc-def0-123456789a",\
"[email protected]": "https://graph.microsoft.com/v1.0/security/attacksimulation/landingPages/1c345678-9abc-def0-123456789a",\
"createdBy": {\
"email": "[email protected]"\
},\
"durationInDays": "3",\
"attackTechnique": "credentialHarvesting",\
"status": "scheduled",\
"includedAccountTarget": {\
"@odata.type": "#microsoft.graph.addressBookAccountTargetContent",\
"type": "addressBook",\
"accountTargetEmails": [\
"[email protected]"\
]\
},\
"trainingSetting": {\
"settingType": "noTraining"\
},\
"endUserNotificationSetting": {\
"notificationPreference": "microsoft",\
"settingType": "noTraining",\
"positiveReinforcement": {\
"deliveryPreference": "deliverAfterCampaignEnd",\
"endUserNotification": "https://graph.microsoft.com/v1.0/security/attacksimulation/endUserNotifications/1ewer3678-9abc-def0-123456789a",\
"defaultLanguage": "en"\
},\
"simulationNotification": {\
"targettedUserType": "compromised",\
"[email protected]": "https://graph.microsoft.com/v1.0/security/attacksimulation/endUserNotifications/12wer3678-9abc-def0-123456789a",\
"defaultLanguage": "en"\
}\
}\
}\
'
For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.
// Code snippets are only available for the latest major version. Current major version is $v1.*
// Dependencies
import (
"context"
msgraphsdk "github.com/microsoftgraph/msgraph-sdk-go"
graphmodels "github.com/microsoftgraph/msgraph-sdk-go/models"
//other-imports
)
requestBody := graphmodels.NewSimulation()
displayName := "Graph Simulation"
requestBody.SetDisplayName(&displayName)
createdBy := graphmodels.NewEmailIdentity()
email := "[email protected]"
createdBy.SetEmail(&email)
requestBody.SetCreatedBy(createdBy)
durationInDays := int32(3)
requestBody.SetDurationInDays(&durationInDays)
attackTechnique := graphmodels.CREDENTIALHARVESTING_SIMULATIONATTACKTECHNIQUE
requestBody.SetAttackTechnique(&attackTechnique)
status := graphmodels.SCHEDULED_SIMULATIONSTATUS
requestBody.SetStatus(&status)
includedAccountTarget := graphmodels.NewAddressBookAccountTargetContent()
type := graphmodels.ADDRESSBOOK_ACCOUNTTARGETCONTENTTYPE
includedAccountTarget.SetType(&type)
accountTargetEmails := []string {
"[email protected]",
}
includedAccountTarget.SetAccountTargetEmails(accountTargetEmails)
requestBody.SetIncludedAccountTarget(includedAccountTarget)
trainingSetting := graphmodels.NewTrainingSetting()
settingType := graphmodels.NOTRAINING_TRAININGSETTINGTYPE
trainingSetting.SetSettingType(&settingType)
requestBody.SetTrainingSetting(trainingSetting)
endUserNotificationSetting := graphmodels.NewEndUserNotificationSetting()
notificationPreference := graphmodels.MICROSOFT_ENDUSERNOTIFICATIONPREFERENCE
endUserNotificationSetting.SetNotificationPreference(¬ificationPreference)
settingType := graphmodels.NOTRAINING_ENDUSERNOTIFICATIONSETTINGTYPE
endUserNotificationSetting.SetSettingType(&settingType)
positiveReinforcement := graphmodels.NewPositiveReinforcementNotification()
deliveryPreference := graphmodels.DELIVERAFTERCAMPAIGNEND_NOTIFICATIONDELIVERYPREFERENCE
positiveReinforcement.SetDeliveryPreference(&deliveryPreference)
endUserNotification := "https://graph.microsoft.com/v1.0/security/attacksimulation/endUserNotifications/1ewer3678-9abc-def0-123456789a"
positiveReinforcement.SetEndUserNotification(&endUserNotification)
defaultLanguage := "en"
positiveReinforcement.SetDefaultLanguage(&defaultLanguage)
endUserNotificationSetting.SetPositiveReinforcement(positiveReinforcement)
additionalData := map[string]interface{}{
simulationNotification := graph.New()
targettedUserType := "compromised"
simulationNotification.SetTargettedUserType(&targettedUserType)
odataBind := "https://graph.microsoft.com/v1.0/security/attacksimulation/endUserNotifications/12wer3678-9abc-def0-123456789a"
simulationNotification.SetOdataBind(&odataBind)
defaultLanguage := "en"
simulationNotification.SetDefaultLanguage(&defaultLanguage)
endUserNotificationSetting.SetSimulationNotification(simulationNotification)
}
endUserNotificationSetting.SetAdditionalData(additionalData)
requestBody.SetEndUserNotificationSetting(endUserNotificationSetting)
additionalData := map[string]interface{}{
"[email protected]" : "https://graph.microsoft.com/v1.0/security/attacksimulation/payloads/12345678-9abc-def0-123456789a",
"[email protected]" : "https://graph.microsoft.com/v1.0/security/attacksimulation/loginPages/1w345678-9abc-def0-123456789a",
"[email protected]" : "https://graph.microsoft.com/v1.0/security/attacksimulation/landingPages/1c345678-9abc-def0-123456789a",
}
requestBody.SetAdditionalData(additionalData)
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=go
simulations, err := graphClient.Security().AttackSimulation().Simulations().Post(context.Background(), requestBody, nil)
For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.
// Code snippets are only available for the latest version. Current version is 6.x
GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);
Simulation simulation = new Simulation();
simulation.setDisplayName("Graph Simulation");
EmailIdentity createdBy = new EmailIdentity();
createdBy.setEmail("[email protected]");
simulation.setCreatedBy(createdBy);
simulation.setDurationInDays(3);
simulation.setAttackTechnique(SimulationAttackTechnique.CredentialHarvesting);
simulation.setStatus(SimulationStatus.Scheduled);
AddressBookAccountTargetContent includedAccountTarget = new AddressBookAccountTargetContent();
includedAccountTarget.setOdataType("#microsoft.graph.addressBookAccountTargetContent");
includedAccountTarget.setType(AccountTargetContentType.AddressBook);
LinkedList<String> accountTargetEmails = new LinkedList<String>();
accountTargetEmails.add("[email protected]");
includedAccountTarget.setAccountTargetEmails(accountTargetEmails);
simulation.setIncludedAccountTarget(includedAccountTarget);
TrainingSetting trainingSetting = new TrainingSetting();
trainingSetting.setSettingType(TrainingSettingType.NoTraining);
simulation.setTrainingSetting(trainingSetting);
EndUserNotificationSetting endUserNotificationSetting = new EndUserNotificationSetting();
endUserNotificationSetting.setNotificationPreference(EndUserNotificationPreference.Microsoft);
endUserNotificationSetting.setSettingType(EndUserNotificationSettingType.NoTraining);
PositiveReinforcementNotification positiveReinforcement = new PositiveReinforcementNotification();
positiveReinforcement.setDeliveryPreference(NotificationDeliveryPreference.DeliverAfterCampaignEnd);
positiveReinforcement.setEndUserNotification("https://graph.microsoft.com/v1.0/security/attacksimulation/endUserNotifications/1ewer3678-9abc-def0-123456789a");
positiveReinforcement.setDefaultLanguage("en");
endUserNotificationSetting.setPositiveReinforcement(positiveReinforcement);
HashMap<String, Object> additionalData = new HashMap<String, Object>();
simulationNotification = new ();
simulationNotification.setTargettedUserType("compromised");
simulationNotification.setEndUserNotificationOdataBind("https://graph.microsoft.com/v1.0/security/attacksimulation/endUserNotifications/12wer3678-9abc-def0-123456789a");
simulationNotification.setDefaultLanguage("en");
additionalData.put("simulationNotification", simulationNotification);
endUserNotificationSetting.setAdditionalData(additionalData);
simulation.setEndUserNotificationSetting(endUserNotificationSetting);
HashMap<String, Object> additionalData1 = new HashMap<String, Object>();
additionalData1.put("[email protected]", "https://graph.microsoft.com/v1.0/security/attacksimulation/payloads/12345678-9abc-def0-123456789a");
additionalData1.put("[email protected]", "https://graph.microsoft.com/v1.0/security/attacksimulation/loginPages/1w345678-9abc-def0-123456789a");
additionalData1.put("[email protected]", "https://graph.microsoft.com/v1.0/security/attacksimulation/landingPages/1c345678-9abc-def0-123456789a");
simulation.setAdditionalData(additionalData1);
Simulation result = graphClient.security().attackSimulation().simulations().post(simulation);
For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.
const options = {
authProvider,
};
const client = Client.init(options);
const simulation = {
displayName: 'Graph Simulation',
'[email protected]': 'https://graph.microsoft.com/v1.0/security/attacksimulation/payloads/12345678-9abc-def0-123456789a',
'[email protected]': 'https://graph.microsoft.com/v1.0/security/attacksimulation/loginPages/1w345678-9abc-def0-123456789a',
'[email protected]': 'https://graph.microsoft.com/v1.0/security/attacksimulation/landingPages/1c345678-9abc-def0-123456789a',
createdBy: {
email: '[email protected]'
},
durationInDays: '3',
attackTechnique: 'credentialHarvesting',
status: 'scheduled',
includedAccountTarget: {
'@odata.type': '#microsoft.graph.addressBookAccountTargetContent',
type: 'addressBook',
accountTargetEmails: [
'[email protected]'
]
},
trainingSetting: {
settingType: 'noTraining'
},
endUserNotificationSetting: {
notificationPreference: 'microsoft',
settingType: 'noTraining',
positiveReinforcement: {
deliveryPreference: 'deliverAfterCampaignEnd',
endUserNotification: 'https://graph.microsoft.com/v1.0/security/attacksimulation/endUserNotifications/1ewer3678-9abc-def0-123456789a',
defaultLanguage: 'en'
},
simulationNotification: {
targettedUserType: 'compromised',
'[email protected]': 'https://graph.microsoft.com/v1.0/security/attacksimulation/endUserNotifications/12wer3678-9abc-def0-123456789a',
defaultLanguage: 'en'
}
}
};
await client.api('/security/attackSimulation/simulations')
.post(simulation);
For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.
<?php
use Microsoft\Graph\GraphServiceClient;
use Microsoft\Graph\Generated\Models\Simulation;
use Microsoft\Graph\Generated\Models\EmailIdentity;
use Microsoft\Graph\Generated\Models\SimulationAttackTechnique;
use Microsoft\Graph\Generated\Models\SimulationStatus;
use Microsoft\Graph\Generated\Models\AddressBookAccountTargetContent;
use Microsoft\Graph\Generated\Models\AccountTargetContentType;
use Microsoft\Graph\Generated\Models\TrainingSetting;
use Microsoft\Graph\Generated\Models\TrainingSettingType;
use Microsoft\Graph\Generated\Models\EndUserNotificationSetting;
use Microsoft\Graph\Generated\Models\EndUserNotificationPreference;
use Microsoft\Graph\Generated\Models\EndUserNotificationSettingType;
use Microsoft\Graph\Generated\Models\PositiveReinforcementNotification;
use Microsoft\Graph\Generated\Models\NotificationDeliveryPreference;
$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);
$requestBody = new Simulation();
$requestBody->setDisplayName('Graph Simulation');
$createdBy = new EmailIdentity();
$createdBy->setEmail('[email protected]');
$requestBody->setCreatedBy($createdBy);
$requestBody->setDurationInDays(3);
$requestBody->setAttackTechnique(new SimulationAttackTechnique('credentialHarvesting'));
$requestBody->setStatus(new SimulationStatus('scheduled'));
$includedAccountTarget = new AddressBookAccountTargetContent();
$includedAccountTarget->setOdataType('#microsoft.graph.addressBookAccountTargetContent');
$includedAccountTarget->setType(new AccountTargetContentType('addressBook'));
$includedAccountTarget->setAccountTargetEmails(['[email protected]', ]);
$requestBody->setIncludedAccountTarget($includedAccountTarget);
$trainingSetting = new TrainingSetting();
$trainingSetting->setSettingType(new TrainingSettingType('noTraining'));
$requestBody->setTrainingSetting($trainingSetting);
$endUserNotificationSetting = new EndUserNotificationSetting();
$endUserNotificationSetting->setNotificationPreference(new EndUserNotificationPreference('microsoft'));
$endUserNotificationSetting->setSettingType(new EndUserNotificationSettingType('noTraining'));
$endUserNotificationSettingPositiveReinforcement = new PositiveReinforcementNotification();
$endUserNotificationSettingPositiveReinforcement->setDeliveryPreference(new NotificationDeliveryPreference('deliverAfterCampaignEnd'));
$endUserNotificationSettingPositiveReinforcement->setEndUserNotification('https://graph.microsoft.com/v1.0/security/attacksimulation/endUserNotifications/1ewer3678-9abc-def0-123456789a');
$endUserNotificationSettingPositiveReinforcement->setDefaultLanguage('en');
$endUserNotificationSetting->setPositiveReinforcement($endUserNotificationSettingPositiveReinforcement);
$additionalData = [
'simulationNotification' => [
'targettedUserType' => 'compromised',
'[email protected]' => 'https://graph.microsoft.com/v1.0/security/attacksimulation/endUserNotifications/12wer3678-9abc-def0-123456789a',
'defaultLanguage' => 'en',
],
];
$endUserNotificationSetting->setAdditionalData($additionalData);
$requestBody->setEndUserNotificationSetting($endUserNotificationSetting);
$additionalData = [
'[email protected]' => 'https://graph.microsoft.com/v1.0/security/attacksimulation/payloads/12345678-9abc-def0-123456789a',
'[email protected]' => 'https://graph.microsoft.com/v1.0/security/attacksimulation/loginPages/1w345678-9abc-def0-123456789a',
'[email protected]' => 'https://graph.microsoft.com/v1.0/security/attacksimulation/landingPages/1c345678-9abc-def0-123456789a',
];
$requestBody->setAdditionalData($additionalData);
$result = $graphServiceClient->security()->attackSimulation()->simulations()->post($requestBody)->wait();
For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.
Import-Module Microsoft.Graph.Security
$params = @{
displayName = "Graph Simulation"
"[email protected]" = "https://graph.microsoft.com/v1.0/security/attacksimulation/payloads/12345678-9abc-def0-123456789a"
"[email protected]" = "https://graph.microsoft.com/v1.0/security/attacksimulation/loginPages/1w345678-9abc-def0-123456789a"
"[email protected]" = "https://graph.microsoft.com/v1.0/security/attacksimulation/landingPages/1c345678-9abc-def0-123456789a"
createdBy = @{
email = "[email protected]"
}
durationInDays = "3"
attackTechnique = "credentialHarvesting"
status = "scheduled"
includedAccountTarget = @{
"@odata.type" = "#microsoft.graph.addressBookAccountTargetContent"
type = "addressBook"
accountTargetEmails = @(
"[email protected]"
)
}
trainingSetting = @{
settingType = "noTraining"
}
endUserNotificationSetting = @{
notificationPreference = "microsoft"
settingType = "noTraining"
positiveReinforcement = @{
deliveryPreference = "deliverAfterCampaignEnd"
endUserNotification = "https://graph.microsoft.com/v1.0/security/attacksimulation/endUserNotifications/1ewer3678-9abc-def0-123456789a"
defaultLanguage = "en"
}
simulationNotification = @{
targettedUserType = "compromised"
"[email protected]" = "https://graph.microsoft.com/v1.0/security/attacksimulation/endUserNotifications/12wer3678-9abc-def0-123456789a"
defaultLanguage = "en"
}
}
}
New-MgSecurityAttackSimulation -BodyParameter $params
For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.
# Code snippets are only available for the latest version. Current version is 1.x
from msgraph import GraphServiceClient
from msgraph.generated.models.simulation import Simulation
from msgraph.generated.models.email_identity import EmailIdentity
from msgraph.generated.models.simulation_attack_technique import SimulationAttackTechnique
from msgraph.generated.models.simulation_status import SimulationStatus
from msgraph.generated.models.address_book_account_target_content import AddressBookAccountTargetContent
from msgraph.generated.models.account_target_content_type import AccountTargetContentType
from msgraph.generated.models.training_setting import TrainingSetting
from msgraph.generated.models.training_setting_type import TrainingSettingType
from msgraph.generated.models.end_user_notification_setting import EndUserNotificationSetting
from msgraph.generated.models.end_user_notification_preference import EndUserNotificationPreference
from msgraph.generated.models.end_user_notification_setting_type import EndUserNotificationSettingType
from msgraph.generated.models.positive_reinforcement_notification import PositiveReinforcementNotification
from msgraph.generated.models.notification_delivery_preference import NotificationDeliveryPreference
# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python
request_body = Simulation(
display_name = "Graph Simulation",
created_by = EmailIdentity(
email = "[email protected]",
),
duration_in_days = 3,
attack_technique = SimulationAttackTechnique.CredentialHarvesting,
status = SimulationStatus.Scheduled,
included_account_target = AddressBookAccountTargetContent(
odata_type = "#microsoft.graph.addressBookAccountTargetContent",
type = AccountTargetContentType.AddressBook,
account_target_emails = [
"[email protected]",
],
),
training_setting = TrainingSetting(
setting_type = TrainingSettingType.NoTraining,
),
end_user_notification_setting = EndUserNotificationSetting(
notification_preference = EndUserNotificationPreference.Microsoft,
setting_type = EndUserNotificationSettingType.NoTraining,
positive_reinforcement = PositiveReinforcementNotification(
delivery_preference = NotificationDeliveryPreference.DeliverAfterCampaignEnd,
end_user_notification = "https://graph.microsoft.com/v1.0/security/attacksimulation/endUserNotifications/1ewer3678-9abc-def0-123456789a",
default_language = "en",
),
additional_data = {
"simulation_notification" : {
"targetted_user_type" : "compromised",
"end_user_notification@odata_bind" : "https://graph.microsoft.com/v1.0/security/attacksimulation/endUserNotifications/12wer3678-9abc-def0-123456789a",
"default_language" : "en",
},
}
),
additional_data = {
"payload@odata_bind" : "https://graph.microsoft.com/v1.0/security/attacksimulation/payloads/12345678-9abc-def0-123456789a",
"login_page@odata_bind" : "https://graph.microsoft.com/v1.0/security/attacksimulation/loginPages/1w345678-9abc-def0-123456789a",
"landing_page@odata_bind" : "https://graph.microsoft.com/v1.0/security/attacksimulation/landingPages/1c345678-9abc-def0-123456789a",
}
)
result = await graph_client.security.attack_simulation.simulations.post(request_body)
For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.
The following example shows the response.