Tuesday, August 27, 2024

CONFIGURING A PHISHING CAMPAIGN IN MICROSOFT DEFENDER.




Configuring a phishing campaign in Microsoft Defender (specifically Microsoft Defender for Office 365) involves creating a simulated attack to test and educate users on recognizing and responding to phishing attempts. Here’s a step-by-step guide:


First, check the Jira ticket and find the previous or current monthly phishing campaign. The previous report should include a screenshot and a description of the payload. The payload is the technical link; it also covers what is delivered and how it is delivered.


Access Microsoft Defender for Office 365

  1. Sign in to the Microsoft 365 Defender portal at https://security.microsoft.com.
  2. In the left-hand navigation pane, select "Email & collaboration".

Navigate to Attack Simulation Training

  1. Under "Training & simulation", click on "Attack simulation training".
  2. If this is your first time using the feature, you might need to go through a brief setup process to enable the Attack simulation training feature.

Create a New Simulation

  1. Click on "Simulations & Training" in the top menu.
  2. Click "Create a simulation".

Define Simulation Details

  1. Simulation Name: Enter a descriptive name for the phishing campaign.
  2. Target Users: Choose the users or groups you want to target. You can select specific users, groups, or even upload a CSV file with the targeted email addresses.

Choose an Attack Technique

  1. Choose "Phishing" as the attack technique.
  2. Select a specific type of phishing attack, such as credential harvesting, link in attachment, or link to a fake login page.

Select a Template

  1. Microsoft provides various phishing templates. Choose a template that best fits the campaign you want to run.
  2. You can preview the template to see how the phishing email will appear to the end-user.

Customize the Phishing Email

  1. You can either use the selected template as is or customize the content to better fit your organizational needs.
  2. Modify the subject line, body content, and sender name if necessary.

Set Launch Options

  1. Choose the launch date and time for your simulation. You can launch immediately or schedule it for a future time.
  2. Optionally, you can choose to repeat the simulation to cover different users or to run periodic tests.

Assign Training

  1. After the phishing simulation, users who fall for the attack can be assigned training automatically.
  2. Choose or create specific training courses that will be assigned to users who clicked on the phishing link or submitted credentials.

Review and Launch

  1. Review all your settings and make sure everything is configured as desired.
  2. Click "Launch simulation" to start the campaign.

Monitor the Campaign

  1. Once the campaign is launched, you can monitor its progress from the "Simulation & Training" dashboard.
  2. Track which users received the phishing email, who clicked on it, and who submitted credentials.

Analyze Results

  1. After the campaign concludes, go to the "Reports" section to analyze the results.
  2. Review metrics such as click rates, credential submission rates, and completion rates for any assigned training.
  3. Use these insights to understand the organization's susceptibility to phishing and to refine future training efforts.

Follow Up

  1. Based on the results, consider scheduling additional training sessions for users who were susceptible to the phishing simulation.
  2. Continue to periodically run phishing simulations to track improvement and maintain user awareness.
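
The metrics from the "Analyze Results" and "Follow Up" steps can also be computed offline from an exported report. The script below is an added example, not Microsoft's code or part of the portal; the CSV column names and the sample rows are assumptions constructed for illustration, so map them to the headers in your own export.

```python
import csv
import io

# Constructed sample export. Column names are assumptions for this example,
# not the portal's actual report schema.
SAMPLE_EXPORT = """\
user,delivered,clicked,submitted_credentials,training_assigned,training_completed
alice@example.com,yes,no,no,no,no
bob@example.com,yes,yes,no,yes,yes
carol@example.com,yes,yes,yes,yes,no
dave@example.com,yes,yes,yes,yes,yes
erin@example.com,no,no,no,no,no
frank@example.com,yes,no,no,no,no
"""

def _flag(row, key):
    # Treat common truthy spellings as True; missing or empty cells as False.
    return (row.get(key) or "").strip().lower() in {"yes", "true", "1"}

def _rate(part, whole):
    # An empty denominator yields 0.0 instead of a ZeroDivisionError.
    return round(part / whole, 3) if whole else 0.0

def summarize(csv_text):
    rows = list(csv.DictReader(io.StringIO(csv_text)))
    # Undelivered messages are excluded so they do not deflate the rates.
    delivered = [r for r in rows if _flag(r, "delivered")]
    clicked = [r for r in delivered if _flag(r, "clicked")]
    submitted = [r for r in clicked if _flag(r, "submitted_credentials")]
    assigned = [r for r in delivered if _flag(r, "training_assigned")]
    completed = [r for r in assigned if _flag(r, "training_completed")]
    # Follow-up list: training was assigned but is still outstanding.
    follow_up = sorted(r["user"] for r in assigned
                       if not _flag(r, "training_completed"))
    return {
        "delivered": len(delivered),
        "click_rate": _rate(len(clicked), len(delivered)),
        "credential_submission_rate": _rate(len(submitted), len(delivered)),
        "training_completion_rate": _rate(len(completed), len(assigned)),
        "follow_up": follow_up,
    }

if __name__ == "__main__":
    for name, value in summarize(SAMPLE_EXPORT).items():
        print(f"{name}: {value}")
```

Running the same function on each month's export gives comparable numbers for tracking improvement between campaigns.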

Reference:

Microsoft
