From dcc621cea0fcb83336f4ac717e442e462d25b713 Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Mon, 26 Aug 2024 16:23:01 -0700 Subject: [PATCH 1/9] Correct capitalization in file name --- .../attack-simulation-training-payloads.md | 2 +- ...ttack-sim-training-payloads-global-qr-codes.png} | Bin 2 files changed, 1 insertion(+), 1 deletion(-) rename defender-office-365/media/{attack-sim-training-payloads-global-QR-codes.png => attack-sim-training-payloads-global-qr-codes.png} (100%) diff --git a/defender-office-365/attack-simulation-training-payloads.md b/defender-office-365/attack-simulation-training-payloads.md index 02ad2a2235..2cd6f1ed1d 100644 --- a/defender-office-365/attack-simulation-training-payloads.md +++ b/defender-office-365/attack-simulation-training-payloads.md @@ -140,7 +140,7 @@ On the **Global payloads** tab of **Content library** \> **Payloads** at Date: Mon, 26 Aug 2024 17:31:46 -0700 Subject: [PATCH 2/9] Fix blind link "Write brief but meaningful link text, using the title or a description of a page rather than a generic phrase like 'click here'." Microsoft Writing Style Guide: https://styleguides.azurewebsites.net/Styleguide/Read?id=2700&topicid=34905 --- includes/mdo-trial-banner.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/includes/mdo-trial-banner.md b/includes/mdo-trial-banner.md index 7bd1de17f4..3cb9f1c48e 100644 --- a/includes/mdo-trial-banner.md +++ b/includes/mdo-trial-banner.md @@ -12,4 +12,4 @@ search.appverid: met150 --- > [!TIP] -> *Did you know you can try the features in Microsoft Defender XDR for Office 365 Plan 2 for free?* Use the 90-day Defender for Office 365 trial at the [Microsoft Defender portal trials hub](https://security.microsoft.com/trialHorizontalHub?sku=MDO&ref=DocsRef). Learn about who can sign up and trial terms [here](/defender-office-365/try-microsoft-defender-for-office-365). +> *Did you know you can try the features in Microsoft Defender XDR for Office 365 Plan 2 for free?* Use the 90-day Defender for Office 365 trial at the [Microsoft Defender portal trials hub](https://security.microsoft.com/trialHorizontalHub?sku=MDO&ref=DocsRef). Learn about who can sign up and trial terms on [Try Microsoft Defender for Office 365](/defender-office-365/try-microsoft-defender-for-office-365). From f2667b99dd2133134acfb3d965ae7eb413e2f52c Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Mon, 26 Aug 2024 17:33:27 -0700 Subject: [PATCH 3/9] Remove unhelpful lightbox --- defender-office-365/anti-spoofing-spoof-intelligence.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/defender-office-365/anti-spoofing-spoof-intelligence.md b/defender-office-365/anti-spoofing-spoof-intelligence.md index 07d0bd3f70..0bf5696a96 100644 --- a/defender-office-365/anti-spoofing-spoof-intelligence.md +++ b/defender-office-365/anti-spoofing-spoof-intelligence.md @@ -94,7 +94,7 @@ The rest of this article explains how to use the spoof intelligence insight in t 3. On the **Spoofed senders** tab, the spoof intelligence insight looks like this: - :::image type="content" source="media/m365-sc-spoof-intelligence-insight.png" alt-text="The Spoof intelligence insight on the Anti-phishing policy page" lightbox="media/m365-sc-spoof-intelligence-insight.png"::: + :::image type="content" source="media/m365-sc-spoof-intelligence-insight.png" alt-text="The Spoof intelligence insight on the Anti-phishing policy page"::: The insight has two modes: From 718d5aebabd0107fbc6dc276c032e79e896930d6 Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Mon, 26 Aug 2024 17:40:14 -0700 Subject: [PATCH 4/9] Add second foot note to the first in the same note --- .../attack-simulation-training-get-started.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/defender-office-365/attack-simulation-training-get-started.md b/defender-office-365/attack-simulation-training-get-started.md index 0027de95f9..848ad9ad25 100644 --- a/defender-office-365/attack-simulation-training-get-started.md +++ b/defender-office-365/attack-simulation-training-get-started.md @@ -49,6 +49,7 @@ Watch this short video to learn more about Attack simulation training. - For more information about the availability of Attack simulation training across different Microsoft 365 subscriptions, see [Microsoft Defender for Office 365 service description](/office365/servicedescriptions/office-365-advanced-threat-protection-service-description). - You need to be assigned permissions before you can do the procedures in this article. You have the following options: + - [Microsoft Entra permissions](/entra/identity/role-based-access-control/manage-roles-portal): You need membership in one of the following roles: - **Global Administrator**¹ - **Security Administrator** @@ -57,8 +58,8 @@ Watch this short video to learn more about Attack simulation training. > [!IMPORTANT] > ¹ Microsoft recommends that you use roles with the fewest permissions. Using lower permissioned accounts helps improve security for your organization. Global Administrator is a highly privileged role that should be limited to emergency scenarios when you can't use an existing role. - - ² Adding users to this role group in [Email & collaboration permissions in the Microsoft Defender portal](mdo-portal-permissions.md) is currently unsupported. + > + > ² Adding users to this role group in [Email & collaboration permissions in the Microsoft Defender portal](mdo-portal-permissions.md) is currently unsupported. Currently, [Microsoft Defender XDR Unified role based access control (RBAC)](/defender-xdr/manage-rbac) isn't supported. From 812ca5a5398f54ea174bdc6b644f6dea0d99f21c Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Mon, 26 Aug 2024 17:46:46 -0700 Subject: [PATCH 5/9] Remove the clearly unhelpful lightboxes --- .../attack-simulation-training-insights.md | 32 +++++++++---------- 1 file changed, 16 insertions(+), 16 deletions(-) diff --git a/defender-office-365/attack-simulation-training-insights.md b/defender-office-365/attack-simulation-training-insights.md index d6d009f36b..88f45b6736 100644 --- a/defender-office-365/attack-simulation-training-insights.md +++ b/defender-office-365/attack-simulation-training-insights.md @@ -71,7 +71,7 @@ Selecting **View all simulations** takes you to the **Simulations** tab. Selecting **Launch a simulation** starts the new simulation wizard. For more information, see [Simulate a phishing attack in Defender for Office 365](attack-simulation-training-simulations.md). -:::image type="content" source="media/attack-sim-training-overview-recent-simulations-card.png" alt-text="The Recent simulations card on the Overview tab in Attack simulation training in the Microsoft Defender portal." lightbox="media/attack-sim-training-overview-recent-simulations-card.png"::: +:::image type="content" source="media/attack-sim-training-overview-recent-simulations-card.png" alt-text="The Recent simulations card on the Overview tab in Attack simulation training in the Microsoft Defender portal."::: ### Recommendations card @@ -79,7 +79,7 @@ The **Recommendations** card on the **Overview** tab suggests different types of Selecting **Launch now** starts the new simulation wizard with the specified simulation type automatically selected on the **Select technique** page. For more information, see [Simulate a phishing attack in Defender for Office 365](attack-simulation-training-simulations.md). -:::image type="content" source="media/attack-sim-training-overview-recommendations-card.png" alt-text="The Recommendations card on the Overview tab in Attack simulation training in the Microsoft Defender portal." lightbox="media/attack-sim-training-overview-recommendations-card.png"::: +:::image type="content" source="media/attack-sim-training-overview-recommendations-card.png" alt-text="The Recommendations card on the Overview tab in Attack simulation training in the Microsoft Defender portal."::: ### Simulation coverage card @@ -89,7 +89,7 @@ Selecting **View simulation coverage report** takes you to the [User coverage ta Selecting **Launch simulation for non-simulated users** starts the new simulation wizard where the users who didn't receive the simulation are automatically selected on the **Target user** page. For more information, see [Simulate a phishing attack in Defender for Office 365](attack-simulation-training-simulations.md). -:::image type="content" source="media/attack-sim-training-overview-sim-coverage-card.png" alt-text="The Simulation coverage card on the Overview tab in Attack simulation training in the Microsoft Defender portal." lightbox="media/attack-sim-training-overview-sim-coverage-card.png"::: +:::image type="content" source="media/attack-sim-training-overview-sim-coverage-card.png" alt-text="The Simulation coverage card on the Overview tab in Attack simulation training in the Microsoft Defender portal."::: ### Training completion card @@ -103,7 +103,7 @@ You can hover over a section in the chart to see the actual number of users in e Selecting **View training completion report** takes you to the [Training completion tab for the Attack simulation report](#training-completion-tab-for-the-attack-simulation-report). -:::image type="content" source="media/attack-sim-training-overview-training-complete-card.png" alt-text="The Training completion card on the Overview tab in Attack simulation training in the Microsoft Defender portal." lightbox="media/attack-sim-training-overview-training-complete-card.png"::: +:::image type="content" source="media/attack-sim-training-overview-training-complete-card.png" alt-text="The Training completion card on the Overview tab in Attack simulation training in the Microsoft Defender portal."::: ### Repeat offenders card @@ -120,7 +120,7 @@ The chart organizes repeat offender data by [simulation type](attack-simulation- Selecting **View repeat offender report** takes you to the [Repeat offenders tab for the Attack simulation report](#repeat-offenders-tab-for-the-attack-simulation-report). -:::image type="content" source="media/attack-sim-training-overview-repeat-offenders-card.png" alt-text="The Repeat offenders card on the Overview tab in Attack simulation training in the Microsoft Defender portal" lightbox="media/attack-sim-training-overview-repeat-offenders-card.png"::: +:::image type="content" source="media/attack-sim-training-overview-repeat-offenders-card.png" alt-text="The Repeat offenders card on the Overview tab in Attack simulation training in the Microsoft Defender portal"::: ### Behavior impact on compromise rate card @@ -135,7 +135,7 @@ If you hover over a data point in the chart, the actual percentage values are sh To see a detailed report, select **View simulations and training efficacy report**. This report is explained [later in this article](#training-efficacy-tab-for-the-attack-simulation-report). -:::image type="content" source="media/attack-sim-training-overview-behavior-impact-card.png" alt-text="The Behavior impact on compromise rate card on the Overview tab in Attack simulation training in the Microsoft Defender portal." lightbox="media/attack-sim-training-overview-behavior-impact-card.png"::: +:::image type="content" source="media/attack-sim-training-overview-behavior-impact-card.png" alt-text="The Behavior impact on compromise rate card on the Overview tab in Attack simulation training in the Microsoft Defender portal."::: ## Attack simulation report @@ -250,7 +250,7 @@ The simulation report shows the details of in-progress or completed simulations - On the **Overview** tab of the **Attack simulation training** page at , select a simulation from the [Recent simulations card](#recent-simulations-card). - :::image type="content" source="media/attack-sim-training-overview-recent-simulations-card.png" alt-text="The Recent simulations card on the Overview tab in Attack simulation training in the Microsoft Defender portal." lightbox="media/attack-sim-training-overview-recent-simulations-card.png"::: + :::image type="content" source="media/attack-sim-training-overview-recent-simulations-card.png" alt-text="The Recent simulations card on the Overview tab in Attack simulation training in the Microsoft Defender portal."::: - On the **Simulations** tab of the **Attack simulation training** page at , select a simulation by clicking anywhere in the row other than the check box next to the name. For more information, see [View simulation reports](attack-simulation-training-simulations.md#view-simulation-reports). @@ -305,7 +305,7 @@ Select **View compromised users** to go to the [Users tab](attack-simulation-tra Select **View users who reported** to go to the [Users tab](attack-simulation-training-simulations.md#users-tab) tab in the report where the results are filtered by **Reported message: Yes**. -:::image type="content" source="media/attack-sim-report-simulation-report-tab-simulation-impact.png" alt-text="The Simulation impact section on the Report tab of a simulation report for a simulation." lightbox="media/attack-sim-report-simulation-report-tab-simulation-impact.png"::: +:::image type="content" source="media/attack-sim-report-simulation-report-tab-simulation-impact.png" alt-text="The Simulation impact section on the Report tab of a simulation report for a simulation."::: #### All user activity section in the report for simulations @@ -321,7 +321,7 @@ The **All user activity** section on **Report** tab** for a simulation shows num Select **View all users** to go to the [Users tab](attack-simulation-training-simulations.md#users-tab) tab in the report where the results are unfiltered. -:::image type="content" source="media/attack-sim-report-simulation-report-tab-all-user-activity.png" alt-text="The All users activity section on the Report tab of a simulation report for a simulation." lightbox="media/attack-sim-report-simulation-report-tab-all-user-activity.png"::: +:::image type="content" source="media/attack-sim-report-simulation-report-tab-all-user-activity.png" alt-text="The All users activity section on the Report tab of a simulation report for a simulation."::: #### Delivery status section in the report for simulations @@ -335,7 +335,7 @@ Select **View users to whom message delivery failed** to go to the [Users tab](a Select **View excluded users or groups** to open an **Excluded users or groups** flyout that shows the users or groups that were excluded from the simulation. -:::image type="content" source="media/attack-sim-report-simulation-report-tab-delivery-status.png" alt-text="The Delivery status section on the Report tab of a simulation report for a simulation." lightbox="media/attack-sim-report-simulation-report-tab-delivery-status.png"::: +:::image type="content" source="media/attack-sim-report-simulation-report-tab-delivery-status.png" alt-text="The Delivery status section on the Report tab of a simulation report for a simulation."::: #### Training completion section in the report for simulations @@ -343,7 +343,7 @@ The **Training completion** section on the simulation details page shows the tra If no trainings were included in the simulation, the only value in this section is **Trainings were not part of this simulation**. -:::image type="content" source="media/attack-sim-report-simulation-report-tab-training-completion.png" alt-text="The Training completion section on the Report tab of a simulation report for a simulation." lightbox="media/attack-sim-report-simulation-report-tab-training-completion.png"::: +:::image type="content" source="media/attack-sim-report-simulation-report-tab-training-completion.png" alt-text="The Training completion section on the Report tab of a simulation report for a simulation."::: #### First & average instance section in the report for simulations @@ -354,13 +354,13 @@ The **First & average instance** section on **Report** tab** for a simulation sh - **First credential entered** - **Avg. credential entered** -:::image type="content" source="media/attack-sim-report-simulation-report-tab-first-and-average-instances.png" alt-text="The First & average instance section on the Report tab of a simulation report for a simulation." lightbox="media/attack-sim-report-simulation-report-tab-first-and-average-instances.png"::: +:::image type="content" source="media/attack-sim-report-simulation-report-tab-first-and-average-instances.png" alt-text="The First & average instance section on the Report tab of a simulation report for a simulation."::: #### Recommendations section in the report for simulations The **Recommendations** section on **Report** tab** for a simulation shows recommendations for using Attack simulation training to help secure your organization. -:::image type="content" source="media/attack-sim-report-simulation-report-tab-recommendations.png" alt-text="The Recommendations section on the Report tab of a simulation report for a simulation." lightbox="media/attack-sim-report-simulation-report-tab-recommendations.png"::: +:::image type="content" source="media/attack-sim-report-simulation-report-tab-recommendations.png" alt-text="The Recommendations section on the Report tab of a simulation report for a simulation."::: ### Simulation report for Training campaigns @@ -372,7 +372,7 @@ This section describes the information in the simulation report for Training cam The **Training completion classification** section on **Report** tab** for a Training campaign shows information about the completed Training modules in the Training campaign. -:::image type="content" source="media/attack-sim-report-training-campaign-report-tab-training-completion-classification.png" alt-text="The Training completion classification section on the Report tab in the Training campaign report in Attack simulation training." lightbox="media/attack-sim-report-training-campaign-report-tab-training-completion-classification.png"::: +:::image type="content" source="media/attack-sim-report-training-campaign-report-tab-training-completion-classification.png" alt-text="The Training completion classification section on the Report tab in the Training campaign report in Attack simulation training."::: #### Training completion summary section in the report for Training campaigns @@ -386,7 +386,7 @@ The **Training completion summary** section on **Report** tab** for a Training c You can hover over a section in the chart to see the actual percentage in each category. -:::image type="content" source="media/attack-sim-report-training-campaign-report-tab-training-completion-summary.png" alt-text="The Training completion summary section on the Report tab in the Training campaign report in Attack simulation training." lightbox="media/attack-sim-report-training-campaign-report-tab-training-completion-summary.png"::: +:::image type="content" source="media/attack-sim-report-training-campaign-report-tab-training-completion-summary.png" alt-text="The Training completion summary section on the Report tab in the Training campaign report in Attack simulation training."::: #### All user activity section in the report for Training campaigns @@ -394,7 +394,7 @@ The **All user activity** section on **Report** tab** for a Training campaign us You can hover over a section in the chart to see the actual numbers in each category. -:::image type="content" source="media/attack-sim-report-training-campaign-report-tab-all-user-activity.png" alt-text="The All user activity section on the Report tab in the Training campaign report in Attack simulation training." lightbox="media/attack-sim-report-training-campaign-report-tab-all-user-activity.png"::: +:::image type="content" source="media/attack-sim-report-training-campaign-report-tab-all-user-activity.png" alt-text="The All user activity section on the Report tab in the Training campaign report in Attack simulation training."::: ## Appendix From 40eba98c24bd53a83f2c73bb2e9cc709c23d17a7 Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Mon, 26 Aug 2024 17:51:37 -0700 Subject: [PATCH 6/9] Remove unhelpful lightboxes --- .../attack-simulation-training-payloads.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/defender-office-365/attack-simulation-training-payloads.md b/defender-office-365/attack-simulation-training-payloads.md index 2cd6f1ed1d..07b76a1095 100644 --- a/defender-office-365/attack-simulation-training-payloads.md +++ b/defender-office-365/attack-simulation-training-payloads.md @@ -241,7 +241,7 @@ You can also create custom payloads that use QR codes as phishing links as descr > [!TIP] > The **Formatting controls** bar contains an **Insert QR code** action that you can use instead of selecting **Insert QR code** control from the **Dynamic tag** dropdown list for applicable social engineering techniques (currently in Preview): > - > :::image type="content" source="media/attack-sim-training-payloads-formatting-controls-insert-qr-code.png" alt-text="The Insert QR code action in the formatting controls on the Configure payload page of the new payload creation wizard." lightbox="media/attack-sim-training-payloads-formatting-controls-insert-qr-code.png"::: + > :::image type="content" source="media/attack-sim-training-payloads-formatting-controls-insert-qr-code.png" alt-text="The Insert QR code action in the formatting controls on the Configure payload page of the new payload creation wizard."::: > > See the **Insert QR code** control description for details about adding QR codes to a payload. @@ -277,11 +277,11 @@ You can also create custom payloads that use QR codes as phishing links as descr - **Top left corner** - **Center** - :::image type="content" source="media/attack-sim-training-payloads-insert-qr-code-flyout.png" alt-text="The Insert QR code flyout from the Configure payload page of the new payload creation wizard." lightbox="media/attack-sim-training-payloads-insert-qr-code-flyout.png"::: + :::image type="content" source="media/attack-sim-training-payloads-insert-qr-code-flyout.png" alt-text="The Insert QR code flyout from the Configure payload page of the new payload creation wizard."::: When you're finished on the **Insert QR code** flyout, select **Save**. - :::image type="content" source="media/attack-sim-training-payloads-qr-code-inserted.png" alt-text="QR code inserted in the email message of the payload during payload creation." lightbox="media/attack-sim-training-payloads-qr-code-inserted.png"::: + :::image type="content" source="media/attack-sim-training-payloads-qr-code-inserted.png" alt-text="QR code inserted in the email message of the payload during payload creation."::: > [!TIP] > @@ -358,7 +358,7 @@ You can also create custom payloads that use QR codes as phishing links as descr If you select the email message subject or the message body as the location for the indicator, **Select text** appears. In the **Select required text** flyout that opens, select (highlight) the text in the message subject or message body where you want the indicator to appear. When you're finished, select **Select**. - :::image type="content" source="media/attack-sim-training-payloads-add-indicators-select-location.png" alt-text="The Selected text location in the message body to add to an indicator in the new payload wizard in Attack simulation training" lightbox="media/attack-sim-training-payloads-add-indicators-select-location.png"::: + :::image type="content" source="media/attack-sim-training-payloads-add-indicators-select-location.png" alt-text="The Selected text location in the message body to add to an indicator in the new payload wizard in Attack simulation training"::: Back on the **Add indicator** flyout, the selected text appears in the **Text selected** section. @@ -390,7 +390,7 @@ You can also create custom payloads that use QR codes as phishing links as descr When you're finished on the **Review payload** page, select **Submit**. On the confirmation page that appears, select **Done**. - :::image type="content" source="media/attack-sim-training-payloads-review-payload.png" alt-text="The Review payload page in Attack simulation training in the Microsoft Defender portal" lightbox="media/attack-sim-training-payloads-review-payload.png"::: + :::image type="content" source="media/attack-sim-training-payloads-review-payload.png" alt-text="The Review payload page in Attack simulation training in the Microsoft Defender portal"::: 8. On the **New payload created** page, you can use the links to view all simulations or go to the Attack simulation training overview. From 1ac8bc052cb4c228f799fdc6476f2a2fd423852b Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Mon, 26 Aug 2024 19:30:48 -0700 Subject: [PATCH 7/9] Remove clearly unhelpful lightboxes --- .../attack-simulation-training-simulation-automations.md | 6 +++--- .../attack-simulation-training-simulations.md | 8 ++++---- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/defender-office-365/attack-simulation-training-simulation-automations.md b/defender-office-365/attack-simulation-training-simulation-automations.md index 30e1bb393e..0795b83aa0 100644 --- a/defender-office-365/attack-simulation-training-simulation-automations.md +++ b/defender-office-365/attack-simulation-training-simulation-automations.md @@ -75,7 +75,7 @@ On the **Select social engineering techniques** page, select one or more of the If you select the **View details** link in the description, a details flyout opens that describes the technique and the simulation steps that result from the technique. -:::image type="content" source="media/attack-sim-training-simulations-select-technique-sim-steps.png" alt-text="The Details flyout for the credential harvest technique on the Select social engineering techniques page" lightbox="media/attack-sim-training-simulations-select-technique-sim-steps.png"::: +:::image type="content" source="media/attack-sim-training-simulations-select-technique-sim-steps.png" alt-text="The Details flyout for the credential harvest technique on the Select social engineering techniques page"::: When you're finished on the **Select social engineering techniques** page, select **Next**. @@ -238,7 +238,7 @@ On the **Target users** page, select who receives the simulation. Use the follow - Select **All Title** - Select existing Title values. If the link is available, select **See all Titles** to see the complete list of available Title values. - :::image type="content" source="media/attack-sim-training-simulations-target-users-filter-by-category.png" alt-text="The User filtering on the Target users page in Attack simulation training in the Microsoft Defender portal" lightbox="media/attack-sim-training-simulations-target-users-filter-by-category.png"::: + :::image type="content" source="media/attack-sim-training-simulations-target-users-filter-by-category.png" alt-text="The User filtering on the Target users page in Attack simulation training in the Microsoft Defender portal."::: You can use some or all of the search categories to find users and groups. If you select multiple categories, the AND operator is used. Any users or groups must match both values to be returned in the results (which is virtually impossible if you use the value **All** in multiple categories). @@ -306,7 +306,7 @@ In the **Add training** flyout that opens, use the following tabs to select trai - **Recommended** tab: Shows the recommended built-in trainings based on the simulation configuration. These trainings are the same trainings that would have been assigned if you selected **Assign training for me (Recommended)** on the previous page. - **All trainings** tab: Shows all built-in trainings that are available. -:::image type="content" source="media/attack-sim-training-simulations-assign-training-add-recommended-training.png" alt-text="The option to add the recommended training on the Training assignment page in Attack simulation training in the Microsoft Defender portal" lightbox="media/attack-sim-training-simulations-assign-training-add-recommended-training.png"::: +:::image type="content" source="media/attack-sim-training-simulations-assign-training-add-recommended-training.png" alt-text="The option to add the recommended training on the Training assignment page in Attack simulation training in the Microsoft Defender portal"::: On either tab, the following information is shown for each training: diff --git a/defender-office-365/attack-simulation-training-simulations.md b/defender-office-365/attack-simulation-training-simulations.md index 73f2b98cc2..c98077b3e4 100644 --- a/defender-office-365/attack-simulation-training-simulations.md +++ b/defender-office-365/attack-simulation-training-simulations.md @@ -60,7 +60,7 @@ If you select the **View details** link in the description, a details flyout ope For more information about the different social engineering techniques, see [Simulations](attack-simulation-training-get-started.md#simulations). -:::image type="content" source="media/attack-sim-training-simulations-select-technique-sim-steps.png" alt-text="The Details flyout for the credential harvest technique on the Select technique page" lightbox="media/attack-sim-training-simulations-select-technique-sim-steps.png"::: +:::image type="content" source="media/attack-sim-training-simulations-select-technique-sim-steps.png" alt-text="The Details flyout for the credential harvest technique on the Select technique page"::: When you're finished on the **Select technique** page, select **Next**. @@ -118,7 +118,7 @@ When you're finished configuring filters, select **Apply**, **Cancel**, or :::im If you select a payload by selecting the check box next to the name, a :::image type="icon" source="media/m365-cc-sc-create-icon.png" border="false"::: **Send a test** action appears above the list of payloads. Use this action to send a copy of the payload email to yourself (the currently logged in user) for inspection. -:::image type="content" source="media/attack-sim-training-simulations-select-payload-global-tab.png" alt-text="The Global payloads tab on the Select payload page with a payload selected and the Send a test action in Attack simulation training." lightbox="media/attack-sim-training-simulations-select-payload-global-tab.png"::: +:::image type="content" source="media/attack-sim-training-simulations-select-payload-global-tab.png" alt-text="The Global payloads tab on the Select payload page with a payload selected and the Send a test action in Attack simulation training."::: On the **Tenant payloads** tab, if no payloads are available or if you want to create your own payload, select :::image type="icon" source="media/m365-cc-sc-create-icon.png" border="false"::: **Create a payload**. The creation steps are the same as at **Attack simulation training** \> **Content library** tab \> **Payloads** \> **Tenant payloads** tab. For more information, see [Create custom payloads for Attack simulation training](attack-simulation-training-payloads.md#create-payloads). @@ -254,7 +254,7 @@ On the **Target users** page, select who receives the simulation. Use the follow - Select **All Title** - Select existing Title values. If the link is available, select **See all Titles** to see the complete list of available Title values. - :::image type="content" source="media/attack-sim-training-simulations-target-users-filter-by-category.png" alt-text="The User filtering on the Target users page in Attack simulation training in the Microsoft Defender portal" lightbox="media/attack-sim-training-simulations-target-users-filter-by-category.png"::: + :::image type="content" source="media/attack-sim-training-simulations-target-users-filter-by-category.png" alt-text="The User filtering on the Target users page in Attack simulation training in the Microsoft Defender portal"::: You can use some or all of the search categories to find users and groups. If you select multiple categories, the AND operator is used. Any users or groups must match both values to be returned in the results (which is virtually impossible if you use the value **All** in multiple categories). @@ -333,7 +333,7 @@ In the **Add training** flyout that opens, use the following tabs to select trai - **Recommended** tab: Shows the recommended built-in trainings based on the simulation configuration. These trainings are the same trainings that would have been assigned if you selected **Assign training for me (Recommended)** on the previous page. - **All trainings** tab: Shows all built-in trainings that are available. -:::image type="content" source="media/attack-sim-training-simulations-assign-training-add-recommended-training.png" alt-text="The option to add the recommended training on the Training assignment page in Attack simulation training in the Microsoft Defender portal" lightbox="media/attack-sim-training-simulations-assign-training-add-recommended-training.png"::: +:::image type="content" source="media/attack-sim-training-simulations-assign-training-add-recommended-training.png" alt-text="The option to add the recommended training on the Training assignment page in Attack simulation training in the Microsoft Defender portal"::: On either tab, the following information is shown for each training: From 2d32778020efa22f79c66608b650b9e005708ab1 Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Mon, 26 Aug 2024 19:45:31 -0700 Subject: [PATCH 8/9] Remove unhelpful lightboxes, add end punctuation --- .../attack-simulation-training-training-campaigns.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/defender-office-365/attack-simulation-training-training-campaigns.md b/defender-office-365/attack-simulation-training-training-campaigns.md index bc945b391b..43a2787881 100644 --- a/defender-office-365/attack-simulation-training-training-campaigns.md +++ b/defender-office-365/attack-simulation-training-training-campaigns.md @@ -125,7 +125,7 @@ On the **Target users** page, select who receives the Training campaign. Use the - **Suggested user groups**: Select from the following values: - **All suggested user groups**: The same result as selecting **Users not targeted by a simulation in the last three months** and **Repeat offenders**. - - **Users not targeted by a simulation in the last three months** + - **Users not targeted by a simulation in the last three months**. - **Repeat offenders**: For more information, see [Configure the repeat offender threshold](attack-simulation-training-settings.md#configure-the-repeat-offender-threshold). - **User tags**: User tags are identifiers for specific groups of users (for example, Priority accounts). For more information, see [User tags in Microsoft Defender for Office 365](user-tags-about.md). Use the following options: @@ -153,7 +153,7 @@ On the **Target users** page, select who receives the Training campaign. Use the - Select **All Title** - Select existing Title values. If the link is available, select **See all Titles** to see the complete list of available Title values. - :::image type="content" source="media/attack-sim-training-simulations-target-users-filter-by-category.png" alt-text="The User filtering on the Target users page in Attack simulation training in the Microsoft Defender portal" lightbox="media/attack-sim-training-simulations-target-users-filter-by-category.png"::: + :::image type="content" source="media/attack-sim-training-simulations-target-users-filter-by-category.png" alt-text="The User filtering on the Target users page in Attack simulation training in the Microsoft Defender portal"::: You can use some or all of the search categories to find users and groups. If you select multiple categories, the AND operator is used. Any users or groups must match both values to be returned in the results (which is virtually impossible if you use the value **All** in multiple categories). @@ -416,7 +416,7 @@ To set the training threshold on the **Settings** tab, do the following steps: ## View Training campaign reports -For Training campaigns with the **Status** value **In progress** or **Completed**, you can view the report for the Training campaign by using either of the following methods on the **Training campaigns** tab at +For Training campaigns with the **Status** value **In progress** or **Completed**, you can view the report for the Training campaign by using either of the following methods on the **Training campaigns** tab at . - Select the campaign by clicking anywhere in the row other than the check box next to the name. - Select the campaign by selecting the check box next to the name, and then select :::image type="icon" source="media/m365-cc-sc-eye-icon.png" border="false"::: **View report**. @@ -433,7 +433,7 @@ To close the Training campaign report, select :::image type="icon" source="media ### Report tab -For a description of what's on the **Report** tab for Training campaigns, see [Simulation report for Training campaigns](attack-simulation-training-insights.md#simulation-report-for-training-campaigns) +For a description of what's on the **Report** tab for Training campaigns, see [Simulation report for Training campaigns](attack-simulation-training-insights.md#simulation-report-for-training-campaigns). ### Users tab From 03ab0e4ce3cec853c99852c0ae9057ca09a9bacb Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Mon, 26 Aug 2024 20:03:38 -0700 Subject: [PATCH 9/9] Fixes for Acrolinx and consistency --- .../attack-simulation-training-simulations.md | 6 +++--- defender-office-365/defender-for-office-365-whats-new.md | 8 ++++---- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/defender-office-365/attack-simulation-training-simulations.md b/defender-office-365/attack-simulation-training-simulations.md index c98077b3e4..1f2387162f 100644 --- a/defender-office-365/attack-simulation-training-simulations.md +++ b/defender-office-365/attack-simulation-training-simulations.md @@ -794,7 +794,7 @@ All actions on existing simulations start on the **Simulations** tab. To go ther You can copy an existing simulation and modify it to suit your needs. This action saves time and effort when you create new simulations based on previous ones. -You can copy any simulation that's available in the **Simulations** tab, regardless of the **Status** value. When you copy the simulation, you can change the setting in the new copy of the simulation . For example, change the simulation name, description, technique, payload, and target users. +You can copy any simulation that's available in the **Simulations** tab, regardless of the **Status** value. When you copy the simulation, you can change the setting in the new copy of the simulation. For example, change the simulation name, description, technique, payload, and target users. - We don't recommend copying **Failed** simulations, because the reasons for failure could recur in the copied simulation. - When you copy a simulation, the most recent settings are used in the copy (for example, the payload, landing page, and end-user notifications). If any content is deleted, you're prompted to select the respective content again. @@ -808,7 +808,7 @@ To copy a simulation, do the following steps: 1. On the **Simulations** tab at , find and select the simulation to copy by selecting the check box next to the name. 2. Select the :::image type="icon" source="media/m365-cc-sc-copy-icon.png" border="false"::: **Copy simulation** action that appears on the tab. -3. The simulation wizard opens with all the settings from the original simulation. The default simulation name on the **Name simulation** page is the original name plus the the suffix **_Copy**. +3. The simulation wizard opens with all the settings from the original simulation. The default simulation name on the **Name simulation** page is the original name plus the suffix **_Copy**. 4. Review and modify the simulation configuration as needed. Select **Submit** to launch it or **Save and close** to review it later. If you select **Cancel**, the copied simulation isn't saved. ### Cancel simulations @@ -825,7 +825,7 @@ After you cancel the simulation, the **Status** value changes to **Canceled**. - Cancelling a simulation with the **Status** value **Scheduled** results in 100% cancellation. No training assignment messages or notifications are sent, and the campaign is fully ended. - Cancelling a simulation with the **Status** value **In progress** has the following results: - Simulation delivery continues to the target users. - - If you cancel the simulation after a training assignment, the training assignments are still shown as due, but subsequent training reminders are cancelled. + - If you cancel the simulation after a training assignment, the training assignments are still shown as due, but subsequent training reminders are canceled. - If you cancel the simulation before a training assignment, the trainings aren't assigned and no training assignment notifications are sent. - Users who already received the simulated phishing message experience the following results: - For social engineering techniques that use phishing links (all except **Malware Attachment**), the links are deactivated. Selecting the link displays the following message: diff --git a/defender-office-365/defender-for-office-365-whats-new.md b/defender-office-365/defender-for-office-365-whats-new.md index 9aa1c30d5e..db53d025b9 100644 --- a/defender-office-365/defender-for-office-365-whats-new.md +++ b/defender-office-365/defender-for-office-365-whats-new.md @@ -41,7 +41,7 @@ For more information on what's new with other Microsoft Defender security produc ## August 2024 -- (Preview) You can now run [simulations](attack-simulation-training-simulations.md) with QR code payloads in [Attack simulation training](attack-simulation-training-get-started.md). You can track user repsonses and assign training to end users. +- (Preview) You can now run [simulations](attack-simulation-training-simulations.md) with QR code payloads in [Attack simulation training](attack-simulation-training-get-started.md). You can track user responses and assign training to end users. - [Use the built-in Report button in Outlook](submissions-outlook-report-messages.md#use-the-built-in-report-button-in-outlook): The built-in **Report** button in Outlook for Microsoft 365 and Outlook 2021 now support the [user reported settings](submissions-user-reported-messages-custom-mailbox.md) experience to report messages as Phishing, Junk, and Not Junk. @@ -77,7 +77,7 @@ For more information on what's new with other Microsoft Defender security produc - Submit messages to Microsoft. - Trigger investigations. - Block entries in the Tenant Allow/Block List. - - Actions are contextual based on the latest delivery location of the message, but SecOps personnel can use the **Show all response actions** toggle to allow all available actions. + - Actions are contextually based on the latest delivery location of the message, but SecOps personnel can use the **Show all response actions** toggle to allow all available actions. - For 101 or more messages selected, only email purge and propose remediation options are available. > [!TIP] @@ -97,7 +97,7 @@ For more information on what's new with other Microsoft Defender security produc ## January 2024 - **New training modules available in Attack Simulation Training**: Teach your users to recognize and protect themselves against QR code phishing attacks. For more information, see [this blog post](https://techcommunity.microsoft.com/t5/microsoft-defender-for-office/train-your-users-to-be-more-resilient-against-qr-code-phishing/ba-p/4022667). -- **Providing intent while submitting is now generally available**: Admins can identify if they're submitting an item to Microsoft for a second opinion or they're submitting the message because it's malicious and was missed by Microsoft. With this change, Microsoft analysis of admin submitted messages (email and Microsoft Teams), URLs, and email attachments is further streamlined and results in a more accurate analysis. [Learn more](submissions-admin.md). +- **Providing intent while submitting is now generally available**: Admins can identify if they're submitting an item to Microsoft for a second opinion or they're submitting the message because it's malicious and was missed by Microsoft. With this change, Microsoft analyses of admin submitted messages (email and Microsoft Teams), URLs, and email attachments are further streamlined and results in a more accurate analysis. [Learn more](submissions-admin.md). ## December 2023 @@ -264,7 +264,7 @@ For more information on what's new with other Microsoft Defender security produc ## August 2021 - [Admin review for reported messages](submissions-admin-review-user-reported-messages.md): Admins can now send templated messages back to end users after they review reported messages. The templates can be customized for your organization and based on your admin's verdict as well. -- You can now add allow entries to the Tenant Allow/Block List if the blocked message was submitted as part of the admin submission process. Depending on the nature of the block, the submitted URL, file, and/or sender allow entries are added to the Tenant Allow/Block List. In most cases, the allows are added to give the system some time and allow it naturally, if warranted. In some cases, Microsoft manages the allow for you. For more information, see: +- You can now add allow entries to the Tenant Allow/Block List if the blocked message was submitted as part of the admin submission process. Depending on the nature of the block, the submitted URL, file, and/or sender allow entries are added to the Tenant Allow/Block List. In most cases, the allows entries are added to give the system some time and allow it naturally, if warranted. In some cases, Microsoft manages the allow entries for you. For more information, see: - [Report good URLs to Microsoft](submissions-admin.md#report-good-urls-to-microsoft) - [Report good email attachments to Microsoft](submissions-admin.md#report-good-email-attachments-to-microsoft) - [Report good email to Microsoft](submissions-admin.md#report-good-email-to-microsoft)