---
title: "Microsoft 365’s New Phishing Simulation to Check Your Organization’s Email Security Posture | Phish Protection"
description: "Microsoft 365’s New Phishing Simulation to Check Your Organization’s Email Security Posture: With threats such as ransomware, phishing emails."
image: "https://phishprotection.com/og/blog/microsoft-365s-new-phishing-simulation-to-check-organizations-email-security-posture.png"
canonical: "https://phishprotection.com/blog/microsoft-365s-new-phishing-simulation-to-check-organizations-email-security-posture/"
---


![Phish Protection blog post image](https://media.mailhop.org/phishprotection/images/2021/09/phishing-prevention-tips-3371.jpg) 

With threats such as ransomware, [phishing emails](/blog/sophisticated-new-tactic-makes-phishing-emails-harder-to-detect/), and malware constantly lurking in the dark, cybersecurity experts are always at war against those waiting to exploit uneducated victims. Since [the first phishing attack](https://enterprise.verizon.com/resources/articles/s/the-history-of-phishing/) in the mid-1990s, phishing has evolved into a highly sophisticated and the most frequent attack vector leading to fraudulent activity. Enterprises need to fundamentally change their approach to cybersecurity and align their budgets with the newly defined reality. [As per a report](https://www.herjavecgroup.com/the-2019-official-annual-cybercrime-report/), _cybersecurity expenditure will touch approximately **$6 trillion by 2021** globally_.

Statistics show that [ransomware attacks](https://www.statista.com/statistics/494947/ransomware-attacks-per-year-worldwide/) increased by a **massive 62%** in 2020 compared with the previous year. **74% of American organizations** suffered [phishing attacks in 2020](https://www.statista.com/statistics/1149219/share-organizations-worldwide-phishing-attack-country/).

### Decoding The Numbers in The Phishing Landscape

Although organizations are deploying considerable resources to enhance their **cybersecurity posture**, they still have a long way to go. Here are a few statistics:

- The [COVID pandemic](/blog/increased-phishing-attacks-during-pandemic-how-to-stay-safe-and-relevant-post-covid-era/) made many employees shift their work from typical office cubicles to their homes. While the disease was already scary enough, threat actors leveraged it to attack the **vulnerable networks** in personal homes.
- Malicious actors infiltrate the enterprise network through its weakest link, the employees. [Human error](https://www.influencive.com/human-error-is-still-the-number-one-cause-of-most-data-breaches-in-2021/) remains one of the prime reasons behind data breaches.
- Most enterprises, even big tech organizations like Facebook, Equifax, and Capital One, took [more than six months](https://www.zdnet.com/article/businesses-take-over-six-months-to-detect-data-breaches/) to detect a [data breach](/blog/data-breaches-and-phishing-attacks-how-third-party-vendors-jeopardize-organization/). Crucial information like SSNs, credit card details, and passwords might already be compromised by then.

### The Human Part of the Puzzle

> “Microsoft’s built-in phishing protection in Office 365 catches the obvious attacks, but it consistently misses targeted spear phishing and zero-day threats. We see this every day - customers come to us after an incident that Microsoft Defender didn’t catch. Adding a dedicated anti-phishing layer takes five minutes and closes that gap.” - **Adam Lundrigan**, CTO, DuoCircle

The above section discussed some glaring statistics about the rising number of [phishing](/resources/what-is-phishing/) and data breach attempts, implying the need for businesses to adopt **robust anti-phishing** and [anti-ransomware solutions](/products/malware-and-ransomware-protection/). What’s important to note from these statistics is that the most crucial part of solving the cybersecurity puzzle is the human element. These _attacks are successful primarily due to errors in human judgment as users interact with various aspects of information technology_.

> _A well-educated user is the best preventive measure against any phishing email._

Providing constant [phishing awareness training](/products/phishing-awareness-training/) to users using the latest resources and methods goes a long way in improving the overall cybersecurity posture of any organization. The latest development from Microsoft, known as [Office 365 Advanced Threat Protection](/office-365-phishing-protection/), has introduced some new **anti-phishing tools**. One such tool is the [Phishing Attack Simulator](/products/phishing-simulation/), which allows security administrators to run **mock security attacks** on users. _The simulation reports can then be analyzed to gauge users’ awareness and understand the organization’s vulnerability against such attacks_.

### Phishing Attack Simulator

The **Phishing Attack Simulator** is an anti-phishing resource that helps security administrators and organizations train their employees against phishing emails and ensure email [phishing protection](/). It is a great exercise for correcting poor security habits and establishing reasoned, informed cybersecurity responses.

[Advanced Threat Protection](/products/advanced-threat-defense/) allows administrators to use the **attack simulator** and help users become more defensive and vigilant against phishing emails that may lead to grave consequences.

### How to Launch a Phishing Attack Simulation?

Following are the steps to successfully create and launch a [Spear Phishing Attack](/blog/13-spear-phishing-attacks-examples-to-justify-investment-for-phishing-prevention-solutions-in-your-organization/) Simulation.

- First, visit [protection.office.com](https://protection.office.com/).
- Next, click on “Threat management” in the left menu.
- Now, select “Attack simulator” from the drop-down list.
- Now, click on “Spear Phishing Attack.”
- Give a custom name to the attack.
- Next, click on “Select template.”
- Proceed to select a template and click on “Next.”
- Now, choose the targets to be attacked and click on “Next.”
- Now, set up the fake email details such as:
  - From (Name)
  - From (Email)
  - Phishing Login Server URL
  - Custom Landing page URL
  - Subject
- Next, click on “Next.”
- Edit the template with the WYSIWYG or HTML source and click on “Next.”
- Finally, click on “FINISH” to start the attack simulation.

For detailed instructions, you can [visit here](https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/attack-simulator?view=o365-worldwide). Besides, if you want to launch a more comprehensive **phishing attack simulation** on your organization, you can have a look at Microsoft’s [official website](https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/attack-simulation-training?view=o365-worldwide).

![Office 365 Phishing Statistics](https://media.mailhop.org/phishprotection/images/2021/09/Office-365-Phishing-Statistics.jpg) 

### What Do The Results of The Phishing Simulation Show?

The administrator will receive a notification once the attack is launched and also when the attack is completed.

- The results are found in the attack simulator option under the security and compliance center. _The simulation results present a detailed report that security administrators and organizations can further study_.
- The report displays the total number of targeted users in the [phishing attack simulation](/products/phishing-simulation/). It also shows successful attempts, meaning the number of users who clicked the link and entered their credentials.
- The success rate denotes the percentage of users who clicked the link and entered their credentials, falling prey to the attack simulation.
- Finally, the report presents a detailed list of users who fell prey to the **attack simulation** with the credentials and time of clicking the links.
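
The report fields described above can be recomputed from a per-user export and extended with a per-department breakdown. The following is an added example, not code from the original article or from Microsoft; the CSV column names and the sample rows are assumptions constructed for illustration.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime

# Constructed sample export. The column names are assumptions for this
# example, not the simulator's real schema. Only a yes/no flag is kept for
# credential entry; the submitted values themselves are not needed here.
SAMPLE_EXPORT = """user,department,sent_at,clicked_at,credentials_entered
alice@example.com,Finance,2021-09-01T09:00:00,2021-09-01T09:04:10,yes
bob@example.com,Finance,2021-09-01T09:00:00,2021-09-01T11:30:00,no
carol@example.com,IT,2021-09-01T09:00:00,,no
dave@example.com,Sales,2021-09-01T09:00:00,2021-09-01T09:01:30,yes
erin@example.com,Sales,2021-09-01T09:00:00,,no
frank@example.com,Sales,2021-09-01T09:00:00,2021-09-01T15:45:00,yes
"""


def load_results(text):
    """Parse the export into one record per targeted user."""
    records = []
    for row in csv.DictReader(io.StringIO(text)):
        sent = datetime.fromisoformat(row["sent_at"])
        clicked = datetime.fromisoformat(row["clicked_at"]) if row["clicked_at"] else None
        entered = row["credentials_entered"].strip().lower() == "yes"
        records.append({
            "user": row["user"],
            "department": row["department"],
            "clicked": clicked is not None,
            # A "successful attempt" in the report: clicked AND entered credentials.
            "successful": clicked is not None and entered,
            "seconds_to_click": (clicked - sent).total_seconds() if clicked else None,
        })
    return records


def summarize(records):
    """Return the report metrics plus a training list, fastest clickers first."""
    targeted = len(records)
    fell = [r for r in records if r["successful"]]
    per_dept = defaultdict(lambda: [0, 0])  # department -> [targeted, successful]
    for r in records:
        per_dept[r["department"]][0] += 1
        per_dept[r["department"]][1] += int(r["successful"])
    return {
        "targeted": targeted,
        "clicked": sum(r["clicked"] for r in records),
        "successful": len(fell),
        "success_rate": round(100 * len(fell) / targeted, 1) if targeted else 0.0,
        "rate_by_department": {d: round(100 * s / t, 1) for d, (t, s) in per_dept.items()},
        "needs_training": [r["user"] for r in sorted(fell, key=lambda r: r["seconds_to_click"])],
    }


if __name__ == "__main__":
    for key, value in summarize(load_results(SAMPLE_EXPORT)).items():
        print(f"{key}: {value}")
```

Users who clicked but did not enter credentials are counted under `clicked` only, which separates them from the successful attempts the report uses for its success rate.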

### What Does This New Tool Mean For Businesses?

_Several small businesses keep using outdated or poorly protected tools that increase their attack surface_. At the same time, phishing simulation tools may not be very economical for many of these SMEs. Microsoft did a great job by offering these tools at affordable and accessible levels to organizations, which can use them to provide the best [phishing protection](/). However, email admins must remember that no single system can be considered an all-in-one, one-for-all solution. The right approach to building a **robust cybersecurity** infrastructure is to create multiple protection systems at various layers.

![Phishing email prevention](https://media.mailhop.org/phishprotection/images/2021/09/phishing-email-prevention-8970.jpg) 

This tool can help organizations in two ways.

- Firstly, it can allow security administrators and organizations to **identify vulnerable users** or employees who need attention and training.
- Secondly, it will enable organizations to ensure that there are no vulnerabilities from within through behavioral [training of the employees](/products/phishing-awareness-training/).

As a result, this tool will considerably help organizations (whether big or small) improve their **email security** infrastructure.

### Final Words

Technology is evolving by leaps and bounds, but so are the methodologies of threat actors to target organizations. _The best defense for organizations is to stay alert and avoid falling prey to these attacks by training their employees to be more vigilant_. Accordingly, the [Phishing Simulation](/products/phishing-simulation/) tools can prove highly advantageous to businesses, especially SMEs, to keep malicious actors at bay and reduce data leakage due to **phishing scams**.

![Brad Slavin](https://media.mailhop.org/phishprotection/images/authors/brad-slavin.jpg) 

[ Brad Slavin ](/authors/brad-slavin/) 

General Manager

Founder and General Manager of DuoCircle. Product strategy and commercial lead across DuoCircle's 2,000+ customer base.

[LinkedIn Profile →](https://www.linkedin.com/in/bradslavin) 

