Create an attack simulation campaign for a tenant.
Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions only if your app requires it. For details about delegated and application permissions, see Permission types. To learn more about these permissions, see the permissions reference.
The following table lists the properties that are required when you create the simulation.
The following example shows a request.
POST https://graph.microsoft.com/beta/security/attackSimulation/simulations
Content-type: application/json
{
"displayName": "Graph Simulation",
"[email protected]": "https://graph.microsoft.com/beta/security/attacksimulation/payloads/12345678-9abc-def0-123456789a",
"[email protected]": "https://graph.microsoft.com/beta/security/attacksimulation/loginPages/1w345678-9abc-def0-123456789a",
"[email protected]": "https://graph.microsoft.com/beta/security/attacksimulation/landingPages/1c345678-9abc-def0-123456789a",
"createdBy": {
"email": "[email protected]"
},
"durationInDays": "3",
"attackTechnique": "credentialHarvesting",
"status": "scheduled",
"includedAccountTarget": {
"@odata.type": "#microsoft.graph.addressBookAccountTargetContent",
"type": "addressBook",
"accountTargetEmails": [
"[email protected]"
]
},
"trainingSetting": {
"settingType": "noTraining"
},
"endUserNotificationSetting": {
"notificationPreference": "microsoft",
"settingType": "noTraining",
"positiveReinforcement": {
"deliveryPreference": "deliverAfterCampaignEnd",
"endUserNotification": "https://graph.microsoft.com/beta/security/attacksimulation/endUserNotifications/1ewer3678-9abc-def0-123456789a",
"defaultLanguage": "en"
},
"simulationNotification": {
"targettedUserType": "compromised",
"[email protected]": "https://graph.microsoft.com/beta/security/attacksimulation/endUserNotifications/12wer3678-9abc-def0-123456789a",
"defaultLanguage": "en"
}
}
}
// Code snippets are only available for the latest version. Current version is 5.x
// Dependencies
using Microsoft.Graph.Beta.Models;
using Microsoft.Kiota.Abstractions.Serialization;
var requestBody = new Simulation
{
DisplayName = "Graph Simulation",
CreatedBy = new EmailIdentity
{
Email = "[email protected]",
},
DurationInDays = 3,
AttackTechnique = SimulationAttackTechnique.CredentialHarvesting,
Status = SimulationStatus.Scheduled,
IncludedAccountTarget = new AddressBookAccountTargetContent
{
OdataType = "#microsoft.graph.addressBookAccountTargetContent",
Type = AccountTargetContentType.AddressBook,
AccountTargetEmails = new List<string>
{
"[email protected]",
},
},
TrainingSetting = new TrainingSetting
{
SettingType = TrainingSettingType.NoTraining,
},
EndUserNotificationSetting = new EndUserNotificationSetting
{
NotificationPreference = EndUserNotificationPreference.Microsoft,
SettingType = EndUserNotificationSettingType.NoTraining,
PositiveReinforcement = new PositiveReinforcementNotification
{
DeliveryPreference = NotificationDeliveryPreference.DeliverAfterCampaignEnd,
EndUserNotification = "https://graph.microsoft.com/beta/security/attacksimulation/endUserNotifications/1ewer3678-9abc-def0-123456789a",
DefaultLanguage = "en",
},
AdditionalData = new Dictionary<string, object>
{
{
"simulationNotification" , new UntypedObject(new Dictionary<string, UntypedNode>
{
{
"targettedUserType", new UntypedString("compromised")
},
{
"[email protected]", new UntypedString("https://graph.microsoft.com/beta/security/attacksimulation/endUserNotifications/12wer3678-9abc-def0-123456789a")
},
{
"defaultLanguage", new UntypedString("en")
},
})
},
},
},
AdditionalData = new Dictionary<string, object>
{
{
"[email protected]" , "https://graph.microsoft.com/beta/security/attacksimulation/payloads/12345678-9abc-def0-123456789a"
},
{
"[email protected]" , "https://graph.microsoft.com/beta/security/attacksimulation/loginPages/1w345678-9abc-def0-123456789a"
},
{
"[email protected]" , "https://graph.microsoft.com/beta/security/attacksimulation/landingPages/1c345678-9abc-def0-123456789a"
},
},
};
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.Security.AttackSimulation.Simulations.PostAsync(requestBody);
mgc-beta security attack-simulation simulations create --body '{\
"displayName": "Graph Simulation",\
"[email protected]": "https://graph.microsoft.com/beta/security/attacksimulation/payloads/12345678-9abc-def0-123456789a",\
"[email protected]": "https://graph.microsoft.com/beta/security/attacksimulation/loginPages/1w345678-9abc-def0-123456789a",\
"[email protected]": "https://graph.microsoft.com/beta/security/attacksimulation/landingPages/1c345678-9abc-def0-123456789a",\
"createdBy": {\
"email": "[email protected]"\
},\
"durationInDays": "3",\
"attackTechnique": "credentialHarvesting",\
"status": "scheduled",\
"includedAccountTarget": {\
"@odata.type": "#microsoft.graph.addressBookAccountTargetContent",\
"type": "addressBook",\
"accountTargetEmails": [\
"[email protected]"\
]\
},\
"trainingSetting": {\
"settingType": "noTraining"\
},\
"endUserNotificationSetting": {\
"notificationPreference": "microsoft",\
"settingType": "noTraining",\
"positiveReinforcement": {\
"deliveryPreference": "deliverAfterCampaignEnd",\
"endUserNotification": "https://graph.microsoft.com/beta/security/attacksimulation/endUserNotifications/1ewer3678-9abc-def0-123456789a",\
"defaultLanguage": "en"\
},\
"simulationNotification": {\
"targettedUserType": "compromised",\
"[email protected]": "https://graph.microsoft.com/beta/security/attacksimulation/endUserNotifications/12wer3678-9abc-def0-123456789a",\
"defaultLanguage": "en"\
}\
}\
}\
'
// Code snippets are only available for the latest major version. Current major version is $v0.*
// Dependencies
import (
"context"
msgraphsdk "github.com/microsoftgraph/msgraph-beta-sdk-go"
graphmodels "github.com/microsoftgraph/msgraph-beta-sdk-go/models"
//other-imports
)
requestBody := graphmodels.NewSimulation()
displayName := "Graph Simulation"
requestBody.SetDisplayName(&displayName)
createdBy := graphmodels.NewEmailIdentity()
email := "[email protected]"
createdBy.SetEmail(&email)
requestBody.SetCreatedBy(createdBy)
durationInDays := int32(3)
requestBody.SetDurationInDays(&durationInDays)
attackTechnique := graphmodels.CREDENTIALHARVESTING_SIMULATIONATTACKTECHNIQUE
requestBody.SetAttackTechnique(&attackTechnique)
status := graphmodels.SCHEDULED_SIMULATIONSTATUS
requestBody.SetStatus(&status)
includedAccountTarget := graphmodels.NewAddressBookAccountTargetContent()
type := graphmodels.ADDRESSBOOK_ACCOUNTTARGETCONTENTTYPE
includedAccountTarget.SetType(&type)
accountTargetEmails := []string {
"[email protected]",
}
includedAccountTarget.SetAccountTargetEmails(accountTargetEmails)
requestBody.SetIncludedAccountTarget(includedAccountTarget)
trainingSetting := graphmodels.NewTrainingSetting()
settingType := graphmodels.NOTRAINING_TRAININGSETTINGTYPE
trainingSetting.SetSettingType(&settingType)
requestBody.SetTrainingSetting(trainingSetting)
endUserNotificationSetting := graphmodels.NewEndUserNotificationSetting()
notificationPreference := graphmodels.MICROSOFT_ENDUSERNOTIFICATIONPREFERENCE
endUserNotificationSetting.SetNotificationPreference(¬ificationPreference)
settingType := graphmodels.NOTRAINING_ENDUSERNOTIFICATIONSETTINGTYPE
endUserNotificationSetting.SetSettingType(&settingType)
positiveReinforcement := graphmodels.NewPositiveReinforcementNotification()
deliveryPreference := graphmodels.DELIVERAFTERCAMPAIGNEND_NOTIFICATIONDELIVERYPREFERENCE
positiveReinforcement.SetDeliveryPreference(&deliveryPreference)
endUserNotification := "https://graph.microsoft.com/beta/security/attacksimulation/endUserNotifications/1ewer3678-9abc-def0-123456789a"
positiveReinforcement.SetEndUserNotification(&endUserNotification)
defaultLanguage := "en"
positiveReinforcement.SetDefaultLanguage(&defaultLanguage)
endUserNotificationSetting.SetPositiveReinforcement(positiveReinforcement)
additionalData := map[string]interface{}{
simulationNotification := graph.New()
targettedUserType := "compromised"
simulationNotification.SetTargettedUserType(&targettedUserType)
odataBind := "https://graph.microsoft.com/beta/security/attacksimulation/endUserNotifications/12wer3678-9abc-def0-123456789a"
simulationNotification.SetOdataBind(&odataBind)
defaultLanguage := "en"
simulationNotification.SetDefaultLanguage(&defaultLanguage)
endUserNotificationSetting.SetSimulationNotification(simulationNotification)
}
endUserNotificationSetting.SetAdditionalData(additionalData)
requestBody.SetEndUserNotificationSetting(endUserNotificationSetting)
additionalData := map[string]interface{}{
"[email protected]" : "https://graph.microsoft.com/beta/security/attacksimulation/payloads/12345678-9abc-def0-123456789a",
"[email protected]" : "https://graph.microsoft.com/beta/security/attacksimulation/loginPages/1w345678-9abc-def0-123456789a",
"[email protected]" : "https://graph.microsoft.com/beta/security/attacksimulation/landingPages/1c345678-9abc-def0-123456789a",
}
requestBody.SetAdditionalData(additionalData)
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=go
simulations, err := graphClient.Security().AttackSimulation().Simulations().Post(context.Background(), requestBody, nil)
// Code snippets are only available for the latest version. Current version is 6.x
GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);
Simulation simulation = new Simulation();
simulation.setDisplayName("Graph Simulation");
EmailIdentity createdBy = new EmailIdentity();
createdBy.setEmail("[email protected]");
simulation.setCreatedBy(createdBy);
simulation.setDurationInDays(3);
simulation.setAttackTechnique(SimulationAttackTechnique.CredentialHarvesting);
simulation.setStatus(SimulationStatus.Scheduled);
AddressBookAccountTargetContent includedAccountTarget = new AddressBookAccountTargetContent();
includedAccountTarget.setOdataType("#microsoft.graph.addressBookAccountTargetContent");
includedAccountTarget.setType(AccountTargetContentType.AddressBook);
LinkedList<String> accountTargetEmails = new LinkedList<String>();
accountTargetEmails.add("[email protected]");
includedAccountTarget.setAccountTargetEmails(accountTargetEmails);
simulation.setIncludedAccountTarget(includedAccountTarget);
TrainingSetting trainingSetting = new TrainingSetting();
trainingSetting.setSettingType(TrainingSettingType.NoTraining);
simulation.setTrainingSetting(trainingSetting);
EndUserNotificationSetting endUserNotificationSetting = new EndUserNotificationSetting();
endUserNotificationSetting.setNotificationPreference(EndUserNotificationPreference.Microsoft);
endUserNotificationSetting.setSettingType(EndUserNotificationSettingType.NoTraining);
PositiveReinforcementNotification positiveReinforcement = new PositiveReinforcementNotification();
positiveReinforcement.setDeliveryPreference(NotificationDeliveryPreference.DeliverAfterCampaignEnd);
positiveReinforcement.setEndUserNotification("https://graph.microsoft.com/beta/security/attacksimulation/endUserNotifications/1ewer3678-9abc-def0-123456789a");
positiveReinforcement.setDefaultLanguage("en");
endUserNotificationSetting.setPositiveReinforcement(positiveReinforcement);
HashMap<String, Object> additionalData = new HashMap<String, Object>();
simulationNotification = new ();
simulationNotification.setTargettedUserType("compromised");
simulationNotification.setEndUserNotificationOdataBind("https://graph.microsoft.com/beta/security/attacksimulation/endUserNotifications/12wer3678-9abc-def0-123456789a");
simulationNotification.setDefaultLanguage("en");
additionalData.put("simulationNotification", simulationNotification);
endUserNotificationSetting.setAdditionalData(additionalData);
simulation.setEndUserNotificationSetting(endUserNotificationSetting);
HashMap<String, Object> additionalData1 = new HashMap<String, Object>();
additionalData1.put("[email protected]", "https://graph.microsoft.com/beta/security/attacksimulation/payloads/12345678-9abc-def0-123456789a");
additionalData1.put("[email protected]", "https://graph.microsoft.com/beta/security/attacksimulation/loginPages/1w345678-9abc-def0-123456789a");
additionalData1.put("[email protected]", "https://graph.microsoft.com/beta/security/attacksimulation/landingPages/1c345678-9abc-def0-123456789a");
simulation.setAdditionalData(additionalData1);
Simulation result = graphClient.security().attackSimulation().simulations().post(simulation);
const options = {
authProvider,
};
const client = Client.init(options);
const simulation = {
displayName: 'Graph Simulation',
'[email protected]': 'https://graph.microsoft.com/beta/security/attacksimulation/payloads/12345678-9abc-def0-123456789a',
'[email protected]': 'https://graph.microsoft.com/beta/security/attacksimulation/loginPages/1w345678-9abc-def0-123456789a',
'[email protected]': 'https://graph.microsoft.com/beta/security/attacksimulation/landingPages/1c345678-9abc-def0-123456789a',
createdBy: {
email: '[email protected]'
},
durationInDays: '3',
attackTechnique: 'credentialHarvesting',
status: 'scheduled',
includedAccountTarget: {
'@odata.type': '#microsoft.graph.addressBookAccountTargetContent',
type: 'addressBook',
accountTargetEmails: [
'[email protected]'
]
},
trainingSetting: {
settingType: 'noTraining'
},
endUserNotificationSetting: {
notificationPreference: 'microsoft',
settingType: 'noTraining',
positiveReinforcement: {
deliveryPreference: 'deliverAfterCampaignEnd',
endUserNotification: 'https://graph.microsoft.com/beta/security/attacksimulation/endUserNotifications/1ewer3678-9abc-def0-123456789a',
defaultLanguage: 'en'
},
simulationNotification: {
targettedUserType: 'compromised',
'[email protected]': 'https://graph.microsoft.com/beta/security/attacksimulation/endUserNotifications/12wer3678-9abc-def0-123456789a',
defaultLanguage: 'en'
}
}
};
await client.api('/security/attackSimulation/simulations')
.version('beta')
.post(simulation);
<?php
use Microsoft\Graph\Beta\GraphServiceClient;
use Microsoft\Graph\Beta\Generated\Models\Simulation;
use Microsoft\Graph\Beta\Generated\Models\EmailIdentity;
use Microsoft\Graph\Beta\Generated\Models\SimulationAttackTechnique;
use Microsoft\Graph\Beta\Generated\Models\SimulationStatus;
use Microsoft\Graph\Beta\Generated\Models\AddressBookAccountTargetContent;
use Microsoft\Graph\Beta\Generated\Models\AccountTargetContentType;
use Microsoft\Graph\Beta\Generated\Models\TrainingSetting;
use Microsoft\Graph\Beta\Generated\Models\TrainingSettingType;
use Microsoft\Graph\Beta\Generated\Models\EndUserNotificationSetting;
use Microsoft\Graph\Beta\Generated\Models\EndUserNotificationPreference;
use Microsoft\Graph\Beta\Generated\Models\EndUserNotificationSettingType;
use Microsoft\Graph\Beta\Generated\Models\PositiveReinforcementNotification;
use Microsoft\Graph\Beta\Generated\Models\NotificationDeliveryPreference;
$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);
$requestBody = new Simulation();
$requestBody->setDisplayName('Graph Simulation');
$createdBy = new EmailIdentity();
$createdBy->setEmail('[email protected]');
$requestBody->setCreatedBy($createdBy);
$requestBody->setDurationInDays(3);
$requestBody->setAttackTechnique(new SimulationAttackTechnique('credentialHarvesting'));
$requestBody->setStatus(new SimulationStatus('scheduled'));
$includedAccountTarget = new AddressBookAccountTargetContent();
$includedAccountTarget->setOdataType('#microsoft.graph.addressBookAccountTargetContent');
$includedAccountTarget->setType(new AccountTargetContentType('addressBook'));
$includedAccountTarget->setAccountTargetEmails(['[email protected]', ]);
$requestBody->setIncludedAccountTarget($includedAccountTarget);
$trainingSetting = new TrainingSetting();
$trainingSetting->setSettingType(new TrainingSettingType('noTraining'));
$requestBody->setTrainingSetting($trainingSetting);
$endUserNotificationSetting = new EndUserNotificationSetting();
$endUserNotificationSetting->setNotificationPreference(new EndUserNotificationPreference('microsoft'));
$endUserNotificationSetting->setSettingType(new EndUserNotificationSettingType('noTraining'));
$endUserNotificationSettingPositiveReinforcement = new PositiveReinforcementNotification();
$endUserNotificationSettingPositiveReinforcement->setDeliveryPreference(new NotificationDeliveryPreference('deliverAfterCampaignEnd'));
$endUserNotificationSettingPositiveReinforcement->setEndUserNotification('https://graph.microsoft.com/beta/security/attacksimulation/endUserNotifications/1ewer3678-9abc-def0-123456789a');
$endUserNotificationSettingPositiveReinforcement->setDefaultLanguage('en');
$endUserNotificationSetting->setPositiveReinforcement($endUserNotificationSettingPositiveReinforcement);
$additionalData = [
'simulationNotification' => [
'targettedUserType' => 'compromised',
'[email protected]' => 'https://graph.microsoft.com/beta/security/attacksimulation/endUserNotifications/12wer3678-9abc-def0-123456789a',
'defaultLanguage' => 'en',
],
];
$endUserNotificationSetting->setAdditionalData($additionalData);
$requestBody->setEndUserNotificationSetting($endUserNotificationSetting);
$additionalData = [
'[email protected]' => 'https://graph.microsoft.com/beta/security/attacksimulation/payloads/12345678-9abc-def0-123456789a',
'[email protected]' => 'https://graph.microsoft.com/beta/security/attacksimulation/loginPages/1w345678-9abc-def0-123456789a',
'[email protected]' => 'https://graph.microsoft.com/beta/security/attacksimulation/landingPages/1c345678-9abc-def0-123456789a',
];
$requestBody->setAdditionalData($additionalData);
$result = $graphServiceClient->security()->attackSimulation()->simulations()->post($requestBody)->wait();
Import-Module Microsoft.Graph.Beta.Security
$params = @{
displayName = "Graph Simulation"
"[email protected]" = "https://graph.microsoft.com/beta/security/attacksimulation/payloads/12345678-9abc-def0-123456789a"
"[email protected]" = "https://graph.microsoft.com/beta/security/attacksimulation/loginPages/1w345678-9abc-def0-123456789a"
"[email protected]" = "https://graph.microsoft.com/beta/security/attacksimulation/landingPages/1c345678-9abc-def0-123456789a"
createdBy = @{
email = "[email protected]"
}
durationInDays = "3"
attackTechnique = "credentialHarvesting"
status = "scheduled"
includedAccountTarget = @{
"@odata.type" = "#microsoft.graph.addressBookAccountTargetContent"
type = "addressBook"
accountTargetEmails = @(
"[email protected]"
)
}
trainingSetting = @{
settingType = "noTraining"
}
endUserNotificationSetting = @{
notificationPreference = "microsoft"
settingType = "noTraining"
positiveReinforcement = @{
deliveryPreference = "deliverAfterCampaignEnd"
endUserNotification = "https://graph.microsoft.com/beta/security/attacksimulation/endUserNotifications/1ewer3678-9abc-def0-123456789a"
defaultLanguage = "en"
}
simulationNotification = @{
targettedUserType = "compromised"
"[email protected]" = "https://graph.microsoft.com/beta/security/attacksimulation/endUserNotifications/12wer3678-9abc-def0-123456789a"
defaultLanguage = "en"
}
}
}
New-MgBetaSecurityAttackSimulation -BodyParameter $params
# Code snippets are only available for the latest version. Current version is 1.x
from msgraph_beta import GraphServiceClient
from msgraph_beta.generated.models.simulation import Simulation
from msgraph_beta.generated.models.email_identity import EmailIdentity
from msgraph_beta.generated.models.simulation_attack_technique import SimulationAttackTechnique
from msgraph_beta.generated.models.simulation_status import SimulationStatus
from msgraph_beta.generated.models.address_book_account_target_content import AddressBookAccountTargetContent
from msgraph_beta.generated.models.account_target_content_type import AccountTargetContentType
from msgraph_beta.generated.models.training_setting import TrainingSetting
from msgraph_beta.generated.models.training_setting_type import TrainingSettingType
from msgraph_beta.generated.models.end_user_notification_setting import EndUserNotificationSetting
from msgraph_beta.generated.models.end_user_notification_preference import EndUserNotificationPreference
from msgraph_beta.generated.models.end_user_notification_setting_type import EndUserNotificationSettingType
from msgraph_beta.generated.models.positive_reinforcement_notification import PositiveReinforcementNotification
from msgraph_beta.generated.models.notification_delivery_preference import NotificationDeliveryPreference
# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python
request_body = Simulation(
display_name = "Graph Simulation",
created_by = EmailIdentity(
email = "[email protected]",
),
duration_in_days = 3,
attack_technique = SimulationAttackTechnique.CredentialHarvesting,
status = SimulationStatus.Scheduled,
included_account_target = AddressBookAccountTargetContent(
odata_type = "#microsoft.graph.addressBookAccountTargetContent",
type = AccountTargetContentType.AddressBook,
account_target_emails = [
"[email protected]",
],
),
training_setting = TrainingSetting(
setting_type = TrainingSettingType.NoTraining,
),
end_user_notification_setting = EndUserNotificationSetting(
notification_preference = EndUserNotificationPreference.Microsoft,
setting_type = EndUserNotificationSettingType.NoTraining,
positive_reinforcement = PositiveReinforcementNotification(
delivery_preference = NotificationDeliveryPreference.DeliverAfterCampaignEnd,
end_user_notification = "https://graph.microsoft.com/beta/security/attacksimulation/endUserNotifications/1ewer3678-9abc-def0-123456789a",
default_language = "en",
),
additional_data = {
"simulation_notification" : {
"targetted_user_type" : "compromised",
"end_user_notification@odata_bind" : "https://graph.microsoft.com/beta/security/attacksimulation/endUserNotifications/12wer3678-9abc-def0-123456789a",
"default_language" : "en",
},
}
),
additional_data = {
"payload@odata_bind" : "https://graph.microsoft.com/beta/security/attacksimulation/payloads/12345678-9abc-def0-123456789a",
"login_page@odata_bind" : "https://graph.microsoft.com/beta/security/attacksimulation/loginPages/1w345678-9abc-def0-123456789a",
"landing_page@odata_bind" : "https://graph.microsoft.com/beta/security/attacksimulation/landingPages/1c345678-9abc-def0-123456789a",
}
)
result = await graph_client.security.attack_simulation.simulations.post(request_body)
The following example shows the response.