Microsoft Entra ID · Security & Compliance
Attack Payload Author
Creates attack payloads for security awareness training but cannot launch simulations. Payloads are available to all tenant admins.
Scope: Create phishing simulation payloads for security awareness training
Permissions
- Create attack payloads
- Manage attack payloads
- Read simulation reports (own simulations only)
- Read associated training reports
Common use cases
- Creating phishing templates
- Designing security awareness content
- Building training scenarios
Best practices
- Create realistic but safe payloads
- Test payloads before publishing
- Document payload purposes
Security considerations
- Cannot launch simulations (separation of duties)
- Payloads visible to all admins
Common questions
When should I assign the Attack Payload Author role?
Assign Attack Payload Author when you need to: Creating phishing templates; Designing security awareness content; and Building training scenarios. It is part of Microsoft Entra ID and should be granted as a least-privilege alternative to broader roles like Global Administrator.
What can someone with the Attack Payload Author role do?
The Attack Payload Author role grants permissions including: Create attack payloads; Manage attack payloads; Read simulation reports (own simulations only); and Read associated training reports. See the Permissions section above for the full list.
What are the security risks of the Attack Payload Author role?
Key considerations when assigning Attack Payload Author: Cannot launch simulations (separation of duties); and Payloads visible to all admins. Review the Security considerations section before assignment, and pair with Privileged Identity Management (PIM) for just-in-time access where possible.