Create an attack simulation campaign for a tenant.
Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions only if your app requires it. For details about delegated and application permissions, see Permission types. To learn more about these permissions, see the permissions reference.
The following table lists the properties that are required when you create the simulation.
The following example shows a request.
POST https://graph.microsoft.com/v1.0/security/attackSimulation/simulations
Content-type: application/json
{
"displayName": "Graph Simulation",
"payload@odata.bind": "https://graph.microsoft.com/v1.0/security/attacksimulation/payloads/12345678-9abc-def0-123456789a",
"loginPage@odata.bind": "https://graph.microsoft.com/v1.0/security/attacksimulation/loginPages/1w345678-9abc-def0-123456789a",
"landingPage@odata.bind": "https://graph.microsoft.com/v1.0/security/attacksimulation/landingPages/1c345678-9abc-def0-123456789a",
"createdBy": {
"email": "john@contoso.com"
},
"durationInDays": "3",
"attackTechnique": "credentialHarvesting",
"status": "scheduled",
"includedAccountTarget": {
"@odata.type": "#microsoft.graph.addressBookAccountTargetContent",
"type": "addressBook",
"accountTargetEmails": [
"john@contoso.com"
]
},
"trainingSetting": {
"settingType": "noTraining"
},
"endUserNotificationSetting": {
"notificationPreference": "microsoft",
"settingType": "noTraining",
"positiveReinforcement": {
"deliveryPreference": "deliverAfterCampaignEnd",
"endUserNotification": "https://graph.microsoft.com/v1.0/security/attacksimulation/endUserNotifications/1ewer3678-9abc-def0-123456789a",
"defaultLanguage": "en"
},
"simulationNotification": {
"targettedUserType": "compromised",
"endUserNotification@odata.bind": "https://graph.microsoft.com/v1.0/security/attacksimulation/endUserNotifications/12wer3678-9abc-def0-123456789a",
"defaultLanguage": "en"
}
}
}
// Code snippets are only available for the latest version. Current version is 5.x
// Dependencies
using Microsoft.Graph.Models;
using Microsoft.Kiota.Abstractions.Serialization;
var requestBody = new Simulation
{
DisplayName = "Graph Simulation",
CreatedBy = new EmailIdentity
{
Email = "john@contoso.com",
},
DurationInDays = 3,
AttackTechnique = SimulationAttackTechnique.CredentialHarvesting,
Status = SimulationStatus.Scheduled,
IncludedAccountTarget = new AddressBookAccountTargetContent
{
OdataType = "#microsoft.graph.addressBookAccountTargetContent",
Type = AccountTargetContentType.AddressBook,
AccountTargetEmails = new List<string>
{
"john@contoso.com",
},
},
TrainingSetting = new TrainingSetting
{
SettingType = TrainingSettingType.NoTraining,
},
EndUserNotificationSetting = new EndUserNotificationSetting
{
NotificationPreference = EndUserNotificationPreference.Microsoft,
SettingType = EndUserNotificationSettingType.NoTraining,
PositiveReinforcement = new PositiveReinforcementNotification
{
DeliveryPreference = NotificationDeliveryPreference.DeliverAfterCampaignEnd,
EndUserNotification = "https://graph.microsoft.com/v1.0/security/attacksimulation/endUserNotifications/1ewer3678-9abc-def0-123456789a",
DefaultLanguage = "en",
},
AdditionalData = new Dictionary<string, object>
{
{
"simulationNotification" , new UntypedObject(new Dictionary<string, UntypedNode>
{
{
"targettedUserType", new UntypedString("compromised")
},
{
"endUserNotification@odata.bind", new UntypedString("https://graph.microsoft.com/v1.0/security/attacksimulation/endUserNotifications/12wer3678-9abc-def0-123456789a")
},
{
"defaultLanguage", new UntypedString("en")
},
})
},
},
},
AdditionalData = new Dictionary<string, object>
{
{
"payload@odata.bind" , "https://graph.microsoft.com/v1.0/security/attacksimulation/payloads/12345678-9abc-def0-123456789a"
},
{
"loginPage@odata.bind" , "https://graph.microsoft.com/v1.0/security/attacksimulation/loginPages/1w345678-9abc-def0-123456789a"
},
{
"landingPage@odata.bind" , "https://graph.microsoft.com/v1.0/security/attacksimulation/landingPages/1c345678-9abc-def0-123456789a"
},
},
};
// To initialize your graphClient, see https://video2.skills-academy.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.Security.AttackSimulation.Simulations.PostAsync(requestBody);
For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.
mgc security attack-simulation simulations create --body '{\
"displayName": "Graph Simulation",\
"payload@odata.bind": "https://graph.microsoft.com/v1.0/security/attacksimulation/payloads/12345678-9abc-def0-123456789a",\
"loginPage@odata.bind": "https://graph.microsoft.com/v1.0/security/attacksimulation/loginPages/1w345678-9abc-def0-123456789a",\
"landingPage@odata.bind": "https://graph.microsoft.com/v1.0/security/attacksimulation/landingPages/1c345678-9abc-def0-123456789a",\
"createdBy": {\
"email": "john@contoso.com"\
},\
"durationInDays": "3",\
"attackTechnique": "credentialHarvesting",\
"status": "scheduled",\
"includedAccountTarget": {\
"@odata.type": "#microsoft.graph.addressBookAccountTargetContent",\
"type": "addressBook",\
"accountTargetEmails": [\
"john@contoso.com"\
]\
},\
"trainingSetting": {\
"settingType": "noTraining"\
},\
"endUserNotificationSetting": {\
"notificationPreference": "microsoft",\
"settingType": "noTraining",\
"positiveReinforcement": {\
"deliveryPreference": "deliverAfterCampaignEnd",\
"endUserNotification": "https://graph.microsoft.com/v1.0/security/attacksimulation/endUserNotifications/1ewer3678-9abc-def0-123456789a",\
"defaultLanguage": "en"\
},\
"simulationNotification": {\
"targettedUserType": "compromised",\
"endUserNotification@odata.bind": "https://graph.microsoft.com/v1.0/security/attacksimulation/endUserNotifications/12wer3678-9abc-def0-123456789a",\
"defaultLanguage": "en"\
}\
}\
}\
'
For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.
// Code snippets are only available for the latest major version. Current major version is $v1.*
// Dependencies
import (
"context"
msgraphsdk "github.com/microsoftgraph/msgraph-sdk-go"
graphmodels "github.com/microsoftgraph/msgraph-sdk-go/models"
//other-imports
)
requestBody := graphmodels.NewSimulation()
displayName := "Graph Simulation"
requestBody.SetDisplayName(&displayName)
createdBy := graphmodels.NewEmailIdentity()
email := "john@contoso.com"
createdBy.SetEmail(&email)
requestBody.SetCreatedBy(createdBy)
durationInDays := int32(3)
requestBody.SetDurationInDays(&durationInDays)
attackTechnique := graphmodels.CREDENTIALHARVESTING_SIMULATIONATTACKTECHNIQUE
requestBody.SetAttackTechnique(&attackTechnique)
status := graphmodels.SCHEDULED_SIMULATIONSTATUS
requestBody.SetStatus(&status)
includedAccountTarget := graphmodels.NewAddressBookAccountTargetContent()
type := graphmodels.ADDRESSBOOK_ACCOUNTTARGETCONTENTTYPE
includedAccountTarget.SetType(&type)
accountTargetEmails := []string {
"john@contoso.com",
}
includedAccountTarget.SetAccountTargetEmails(accountTargetEmails)
requestBody.SetIncludedAccountTarget(includedAccountTarget)
trainingSetting := graphmodels.NewTrainingSetting()
settingType := graphmodels.NOTRAINING_TRAININGSETTINGTYPE
trainingSetting.SetSettingType(&settingType)
requestBody.SetTrainingSetting(trainingSetting)
endUserNotificationSetting := graphmodels.NewEndUserNotificationSetting()
notificationPreference := graphmodels.MICROSOFT_ENDUSERNOTIFICATIONPREFERENCE
endUserNotificationSetting.SetNotificationPreference(¬ificationPreference)
settingType := graphmodels.NOTRAINING_ENDUSERNOTIFICATIONSETTINGTYPE
endUserNotificationSetting.SetSettingType(&settingType)
positiveReinforcement := graphmodels.NewPositiveReinforcementNotification()
deliveryPreference := graphmodels.DELIVERAFTERCAMPAIGNEND_NOTIFICATIONDELIVERYPREFERENCE
positiveReinforcement.SetDeliveryPreference(&deliveryPreference)
endUserNotification := "https://graph.microsoft.com/v1.0/security/attacksimulation/endUserNotifications/1ewer3678-9abc-def0-123456789a"
positiveReinforcement.SetEndUserNotification(&endUserNotification)
defaultLanguage := "en"
positiveReinforcement.SetDefaultLanguage(&defaultLanguage)
endUserNotificationSetting.SetPositiveReinforcement(positiveReinforcement)
additionalData := map[string]interface{}{
simulationNotification := graph.New()
targettedUserType := "compromised"
simulationNotification.SetTargettedUserType(&targettedUserType)
odataBind := "https://graph.microsoft.com/v1.0/security/attacksimulation/endUserNotifications/12wer3678-9abc-def0-123456789a"
simulationNotification.SetOdataBind(&odataBind)
defaultLanguage := "en"
simulationNotification.SetDefaultLanguage(&defaultLanguage)
endUserNotificationSetting.SetSimulationNotification(simulationNotification)
}
endUserNotificationSetting.SetAdditionalData(additionalData)
requestBody.SetEndUserNotificationSetting(endUserNotificationSetting)
additionalData := map[string]interface{}{
"payload@odata.bind" : "https://graph.microsoft.com/v1.0/security/attacksimulation/payloads/12345678-9abc-def0-123456789a",
"loginPage@odata.bind" : "https://graph.microsoft.com/v1.0/security/attacksimulation/loginPages/1w345678-9abc-def0-123456789a",
"landingPage@odata.bind" : "https://graph.microsoft.com/v1.0/security/attacksimulation/landingPages/1c345678-9abc-def0-123456789a",
}
requestBody.SetAdditionalData(additionalData)
// To initialize your graphClient, see https://video2.skills-academy.com/en-us/graph/sdks/create-client?from=snippets&tabs=go
simulations, err := graphClient.Security().AttackSimulation().Simulations().Post(context.Background(), requestBody, nil)
For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.
// Code snippets are only available for the latest version. Current version is 6.x
GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);
Simulation simulation = new Simulation();
simulation.setDisplayName("Graph Simulation");
EmailIdentity createdBy = new EmailIdentity();
createdBy.setEmail("john@contoso.com");
simulation.setCreatedBy(createdBy);
simulation.setDurationInDays(3);
simulation.setAttackTechnique(SimulationAttackTechnique.CredentialHarvesting);
simulation.setStatus(SimulationStatus.Scheduled);
AddressBookAccountTargetContent includedAccountTarget = new AddressBookAccountTargetContent();
includedAccountTarget.setOdataType("#microsoft.graph.addressBookAccountTargetContent");
includedAccountTarget.setType(AccountTargetContentType.AddressBook);
LinkedList<String> accountTargetEmails = new LinkedList<String>();
accountTargetEmails.add("john@contoso.com");
includedAccountTarget.setAccountTargetEmails(accountTargetEmails);
simulation.setIncludedAccountTarget(includedAccountTarget);
TrainingSetting trainingSetting = new TrainingSetting();
trainingSetting.setSettingType(TrainingSettingType.NoTraining);
simulation.setTrainingSetting(trainingSetting);
EndUserNotificationSetting endUserNotificationSetting = new EndUserNotificationSetting();
endUserNotificationSetting.setNotificationPreference(EndUserNotificationPreference.Microsoft);
endUserNotificationSetting.setSettingType(EndUserNotificationSettingType.NoTraining);
PositiveReinforcementNotification positiveReinforcement = new PositiveReinforcementNotification();
positiveReinforcement.setDeliveryPreference(NotificationDeliveryPreference.DeliverAfterCampaignEnd);
positiveReinforcement.setEndUserNotification("https://graph.microsoft.com/v1.0/security/attacksimulation/endUserNotifications/1ewer3678-9abc-def0-123456789a");
positiveReinforcement.setDefaultLanguage("en");
endUserNotificationSetting.setPositiveReinforcement(positiveReinforcement);
HashMap<String, Object> additionalData = new HashMap<String, Object>();
simulationNotification = new ();
simulationNotification.setTargettedUserType("compromised");
simulationNotification.setEndUserNotificationOdataBind("https://graph.microsoft.com/v1.0/security/attacksimulation/endUserNotifications/12wer3678-9abc-def0-123456789a");
simulationNotification.setDefaultLanguage("en");
additionalData.put("simulationNotification", simulationNotification);
endUserNotificationSetting.setAdditionalData(additionalData);
simulation.setEndUserNotificationSetting(endUserNotificationSetting);
HashMap<String, Object> additionalData1 = new HashMap<String, Object>();
additionalData1.put("payload@odata.bind", "https://graph.microsoft.com/v1.0/security/attacksimulation/payloads/12345678-9abc-def0-123456789a");
additionalData1.put("loginPage@odata.bind", "https://graph.microsoft.com/v1.0/security/attacksimulation/loginPages/1w345678-9abc-def0-123456789a");
additionalData1.put("landingPage@odata.bind", "https://graph.microsoft.com/v1.0/security/attacksimulation/landingPages/1c345678-9abc-def0-123456789a");
simulation.setAdditionalData(additionalData1);
Simulation result = graphClient.security().attackSimulation().simulations().post(simulation);
For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.
const options = {
authProvider,
};
const client = Client.init(options);
const simulation = {
displayName: 'Graph Simulation',
'payload@odata.bind': 'https://graph.microsoft.com/v1.0/security/attacksimulation/payloads/12345678-9abc-def0-123456789a',
'loginPage@odata.bind': 'https://graph.microsoft.com/v1.0/security/attacksimulation/loginPages/1w345678-9abc-def0-123456789a',
'landingPage@odata.bind': 'https://graph.microsoft.com/v1.0/security/attacksimulation/landingPages/1c345678-9abc-def0-123456789a',
createdBy: {
email: 'john@contoso.com'
},
durationInDays: '3',
attackTechnique: 'credentialHarvesting',
status: 'scheduled',
includedAccountTarget: {
'@odata.type': '#microsoft.graph.addressBookAccountTargetContent',
type: 'addressBook',
accountTargetEmails: [
'john@contoso.com'
]
},
trainingSetting: {
settingType: 'noTraining'
},
endUserNotificationSetting: {
notificationPreference: 'microsoft',
settingType: 'noTraining',
positiveReinforcement: {
deliveryPreference: 'deliverAfterCampaignEnd',
endUserNotification: 'https://graph.microsoft.com/v1.0/security/attacksimulation/endUserNotifications/1ewer3678-9abc-def0-123456789a',
defaultLanguage: 'en'
},
simulationNotification: {
targettedUserType: 'compromised',
'endUserNotification@odata.bind': 'https://graph.microsoft.com/v1.0/security/attacksimulation/endUserNotifications/12wer3678-9abc-def0-123456789a',
defaultLanguage: 'en'
}
}
};
await client.api('/security/attackSimulation/simulations')
.post(simulation);
For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.
<?php
use Microsoft\Graph\GraphServiceClient;
use Microsoft\Graph\Generated\Models\Simulation;
use Microsoft\Graph\Generated\Models\EmailIdentity;
use Microsoft\Graph\Generated\Models\SimulationAttackTechnique;
use Microsoft\Graph\Generated\Models\SimulationStatus;
use Microsoft\Graph\Generated\Models\AddressBookAccountTargetContent;
use Microsoft\Graph\Generated\Models\AccountTargetContentType;
use Microsoft\Graph\Generated\Models\TrainingSetting;
use Microsoft\Graph\Generated\Models\TrainingSettingType;
use Microsoft\Graph\Generated\Models\EndUserNotificationSetting;
use Microsoft\Graph\Generated\Models\EndUserNotificationPreference;
use Microsoft\Graph\Generated\Models\EndUserNotificationSettingType;
use Microsoft\Graph\Generated\Models\PositiveReinforcementNotification;
use Microsoft\Graph\Generated\Models\NotificationDeliveryPreference;
$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);
$requestBody = new Simulation();
$requestBody->setDisplayName('Graph Simulation');
$createdBy = new EmailIdentity();
$createdBy->setEmail('john@contoso.com');
$requestBody->setCreatedBy($createdBy);
$requestBody->setDurationInDays(3);
$requestBody->setAttackTechnique(new SimulationAttackTechnique('credentialHarvesting'));
$requestBody->setStatus(new SimulationStatus('scheduled'));
$includedAccountTarget = new AddressBookAccountTargetContent();
$includedAccountTarget->setOdataType('#microsoft.graph.addressBookAccountTargetContent');
$includedAccountTarget->setType(new AccountTargetContentType('addressBook'));
$includedAccountTarget->setAccountTargetEmails(['john@contoso.com', ]);
$requestBody->setIncludedAccountTarget($includedAccountTarget);
$trainingSetting = new TrainingSetting();
$trainingSetting->setSettingType(new TrainingSettingType('noTraining'));
$requestBody->setTrainingSetting($trainingSetting);
$endUserNotificationSetting = new EndUserNotificationSetting();
$endUserNotificationSetting->setNotificationPreference(new EndUserNotificationPreference('microsoft'));
$endUserNotificationSetting->setSettingType(new EndUserNotificationSettingType('noTraining'));
$endUserNotificationSettingPositiveReinforcement = new PositiveReinforcementNotification();
$endUserNotificationSettingPositiveReinforcement->setDeliveryPreference(new NotificationDeliveryPreference('deliverAfterCampaignEnd'));
$endUserNotificationSettingPositiveReinforcement->setEndUserNotification('https://graph.microsoft.com/v1.0/security/attacksimulation/endUserNotifications/1ewer3678-9abc-def0-123456789a');
$endUserNotificationSettingPositiveReinforcement->setDefaultLanguage('en');
$endUserNotificationSetting->setPositiveReinforcement($endUserNotificationSettingPositiveReinforcement);
$additionalData = [
'simulationNotification' => [
'targettedUserType' => 'compromised',
'endUserNotification@odata.bind' => 'https://graph.microsoft.com/v1.0/security/attacksimulation/endUserNotifications/12wer3678-9abc-def0-123456789a',
'defaultLanguage' => 'en',
],
];
$endUserNotificationSetting->setAdditionalData($additionalData);
$requestBody->setEndUserNotificationSetting($endUserNotificationSetting);
$additionalData = [
'payload@odata.bind' => 'https://graph.microsoft.com/v1.0/security/attacksimulation/payloads/12345678-9abc-def0-123456789a',
'loginPage@odata.bind' => 'https://graph.microsoft.com/v1.0/security/attacksimulation/loginPages/1w345678-9abc-def0-123456789a',
'landingPage@odata.bind' => 'https://graph.microsoft.com/v1.0/security/attacksimulation/landingPages/1c345678-9abc-def0-123456789a',
];
$requestBody->setAdditionalData($additionalData);
$result = $graphServiceClient->security()->attackSimulation()->simulations()->post($requestBody)->wait();
For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.
Import-Module Microsoft.Graph.Security
$params = @{
displayName = "Graph Simulation"
"payload@odata.bind" = "https://graph.microsoft.com/v1.0/security/attacksimulation/payloads/12345678-9abc-def0-123456789a"
"loginPage@odata.bind" = "https://graph.microsoft.com/v1.0/security/attacksimulation/loginPages/1w345678-9abc-def0-123456789a"
"landingPage@odata.bind" = "https://graph.microsoft.com/v1.0/security/attacksimulation/landingPages/1c345678-9abc-def0-123456789a"
createdBy = @{
email = "john@contoso.com"
}
durationInDays = "3"
attackTechnique = "credentialHarvesting"
status = "scheduled"
includedAccountTarget = @{
"@odata.type" = "#microsoft.graph.addressBookAccountTargetContent"
type = "addressBook"
accountTargetEmails = @(
"john@contoso.com"
)
}
trainingSetting = @{
settingType = "noTraining"
}
endUserNotificationSetting = @{
notificationPreference = "microsoft"
settingType = "noTraining"
positiveReinforcement = @{
deliveryPreference = "deliverAfterCampaignEnd"
endUserNotification = "https://graph.microsoft.com/v1.0/security/attacksimulation/endUserNotifications/1ewer3678-9abc-def0-123456789a"
defaultLanguage = "en"
}
simulationNotification = @{
targettedUserType = "compromised"
"endUserNotification@odata.bind" = "https://graph.microsoft.com/v1.0/security/attacksimulation/endUserNotifications/12wer3678-9abc-def0-123456789a"
defaultLanguage = "en"
}
}
}
New-MgSecurityAttackSimulation -BodyParameter $params
For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.
# Code snippets are only available for the latest version. Current version is 1.x
from msgraph import GraphServiceClient
from msgraph.generated.models.simulation import Simulation
from msgraph.generated.models.email_identity import EmailIdentity
from msgraph.generated.models.simulation_attack_technique import SimulationAttackTechnique
from msgraph.generated.models.simulation_status import SimulationStatus
from msgraph.generated.models.address_book_account_target_content import AddressBookAccountTargetContent
from msgraph.generated.models.account_target_content_type import AccountTargetContentType
from msgraph.generated.models.training_setting import TrainingSetting
from msgraph.generated.models.training_setting_type import TrainingSettingType
from msgraph.generated.models.end_user_notification_setting import EndUserNotificationSetting
from msgraph.generated.models.end_user_notification_preference import EndUserNotificationPreference
from msgraph.generated.models.end_user_notification_setting_type import EndUserNotificationSettingType
from msgraph.generated.models.positive_reinforcement_notification import PositiveReinforcementNotification
from msgraph.generated.models.notification_delivery_preference import NotificationDeliveryPreference
# To initialize your graph_client, see https://video2.skills-academy.com/en-us/graph/sdks/create-client?from=snippets&tabs=python
request_body = Simulation(
display_name = "Graph Simulation",
created_by = EmailIdentity(
email = "john@contoso.com",
),
duration_in_days = 3,
attack_technique = SimulationAttackTechnique.CredentialHarvesting,
status = SimulationStatus.Scheduled,
included_account_target = AddressBookAccountTargetContent(
odata_type = "#microsoft.graph.addressBookAccountTargetContent",
type = AccountTargetContentType.AddressBook,
account_target_emails = [
"john@contoso.com",
],
),
training_setting = TrainingSetting(
setting_type = TrainingSettingType.NoTraining,
),
end_user_notification_setting = EndUserNotificationSetting(
notification_preference = EndUserNotificationPreference.Microsoft,
setting_type = EndUserNotificationSettingType.NoTraining,
positive_reinforcement = PositiveReinforcementNotification(
delivery_preference = NotificationDeliveryPreference.DeliverAfterCampaignEnd,
end_user_notification = "https://graph.microsoft.com/v1.0/security/attacksimulation/endUserNotifications/1ewer3678-9abc-def0-123456789a",
default_language = "en",
),
additional_data = {
"simulation_notification" : {
"targetted_user_type" : "compromised",
"end_user_notification@odata_bind" : "https://graph.microsoft.com/v1.0/security/attacksimulation/endUserNotifications/12wer3678-9abc-def0-123456789a",
"default_language" : "en",
},
}
),
additional_data = {
"payload@odata_bind" : "https://graph.microsoft.com/v1.0/security/attacksimulation/payloads/12345678-9abc-def0-123456789a",
"login_page@odata_bind" : "https://graph.microsoft.com/v1.0/security/attacksimulation/loginPages/1w345678-9abc-def0-123456789a",
"landing_page@odata_bind" : "https://graph.microsoft.com/v1.0/security/attacksimulation/landingPages/1c345678-9abc-def0-123456789a",
}
)
result = await graph_client.security.attack_simulation.simulations.post(request_body)
For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.
The following example shows the response.