Microsoft Entra ID · Security & Compliance

Attack Simulation Administrator

Can create and manage all aspects of attack simulation campaigns including phishing simulations, payload creation, and campaign reporting.

Scope: Full attack simulation campaign creation and management

Permissions

  • Admin Center - Read admin center properties
  • Payloads - Manage attack payloads
  • Reports - Read attack simulation reports
  • Simulations - Manage attack simulations
  • Campaigns - Create and launch phishing simulation campaigns
  • Payloads - Create custom simulation payloads and templates
  • Results - View simulation results and user performance
  • Training - Manage training assignments from simulations
  • Schedules - Configure simulation schedules and automation
  • Content - Access attack simulation training content

Common use cases

  • Phishing simulation campaigns
  • Security awareness training programs
  • User risk assessment and baselining
  • Compliance training requirements
  • Social engineering awareness testing
  • Credential harvesting simulations
  • Business email compromise testing
  • Targeted attack simulations
  • Training content assignment
  • Security culture measurement

Best practices

  • Coordinate with HR and Legal before launching simulations
  • Communicate simulation programs to leadership
  • Start with baseline simulations before targeted campaigns
  • Track improvement trends over time
  • Integrate with security awareness training
  • Avoid simulations during high-stress periods
  • Provide immediate training for users who fail
  • Use varied simulation types and complexity
  • Consider cultural and regional sensitivity
  • Document simulation policies and procedures
  • Review and update payloads regularly

Security considerations

  • Simulations can cause user anxiety if not communicated
  • Payload creation requires careful handling
  • Simulation data includes user performance information
  • Coordinate with incident response for false positives
  • Ensure simulations comply with organizational policies
  • Consider privacy implications of tracking
  • Audit access to simulation results
  • Separate from production phishing response workflows

Official Microsoft Learn documentation →

Open the interactive RBACMap →