Create an attack simulation campaign for a tenant.
Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions only if your app requires it. For details about delegated and application permissions, see Permission types. To learn more about these permissions, see the permissions reference.
The following table lists the properties that are required when you create the simulation.
The following example shows a request.
POST https://graph.microsoft.com/beta/security/attackSimulation/simulations
Content-type: application/json
{
"displayName": "Graph Simulation",
"payload@odata.bind": "https://graph.microsoft.com/beta/security/attacksimulation/payloads/12345678-9abc-def0-123456789a",
"loginPage@odata.bind": "https://graph.microsoft.com/beta/security/attacksimulation/loginPages/1w345678-9abc-def0-123456789a",
"landingPage@odata.bind": "https://graph.microsoft.com/beta/security/attacksimulation/landingPages/1c345678-9abc-def0-123456789a",
"createdBy": {
"email": "john@contoso.com"
},
"durationInDays": "3",
"attackTechnique": "credentialHarvesting",
"status": "scheduled",
"includedAccountTarget": {
"@odata.type": "#microsoft.graph.addressBookAccountTargetContent",
"type": "addressBook",
"accountTargetEmails": [
"john@contoso.com"
]
},
"trainingSetting": {
"settingType": "noTraining"
},
"endUserNotificationSetting": {
"notificationPreference": "microsoft",
"settingType": "noTraining",
"positiveReinforcement": {
"deliveryPreference": "deliverAfterCampaignEnd",
"endUserNotification@odata.bind": "https://graph.microsoft.com/beta/security/attacksimulation/endUserNotifications/1ewer3678-9abc-def0-123456789a",
"defaultLanguage": "en"
},
"simulationNotification": {
"targettedUserType": "compromised",
"endUserNotification@odata.bind": "https://graph.microsoft.com/beta/security/attacksimulation/endUserNotifications/12wer3678-9abc-def0-123456789a",
"defaultLanguage": "en"
}
}
}
// Code snippets are only available for the latest version. Current version is 5.x
// Dependencies
using Microsoft.Graph.Beta.Models;
using Microsoft.Kiota.Abstractions.Serialization;
var requestBody = new Simulation
{
DisplayName = "Graph Simulation",
CreatedBy = new EmailIdentity
{
Email = "john@contoso.com",
},
DurationInDays = 3,
AttackTechnique = SimulationAttackTechnique.CredentialHarvesting,
Status = SimulationStatus.Scheduled,
IncludedAccountTarget = new AddressBookAccountTargetContent
{
OdataType = "#microsoft.graph.addressBookAccountTargetContent",
Type = AccountTargetContentType.AddressBook,
AccountTargetEmails = new List<string>
{
"john@contoso.com",
},
},
TrainingSetting = new TrainingSetting
{
SettingType = TrainingSettingType.NoTraining,
},
EndUserNotificationSetting = new EndUserNotificationSetting
{
NotificationPreference = EndUserNotificationPreference.Microsoft,
SettingType = EndUserNotificationSettingType.NoTraining,
PositiveReinforcement = new PositiveReinforcementNotification
{
DeliveryPreference = NotificationDeliveryPreference.DeliverAfterCampaignEnd,
DefaultLanguage = "en",
AdditionalData = new Dictionary<string, object>
{
{
"endUserNotification@odata.bind" , "https://graph.microsoft.com/beta/security/attacksimulation/endUserNotifications/1ewer3678-9abc-def0-123456789a"
},
},
},
AdditionalData = new Dictionary<string, object>
{
{
"simulationNotification" , new UntypedObject(new Dictionary<string, UntypedNode>
{
{
"targettedUserType", new UntypedString("compromised")
},
{
"endUserNotification@odata.bind", new UntypedString("https://graph.microsoft.com/beta/security/attacksimulation/endUserNotifications/12wer3678-9abc-def0-123456789a")
},
{
"defaultLanguage", new UntypedString("en")
},
})
},
},
},
AdditionalData = new Dictionary<string, object>
{
{
"payload@odata.bind" , "https://graph.microsoft.com/beta/security/attacksimulation/payloads/12345678-9abc-def0-123456789a"
},
{
"loginPage@odata.bind" , "https://graph.microsoft.com/beta/security/attacksimulation/loginPages/1w345678-9abc-def0-123456789a"
},
{
"landingPage@odata.bind" , "https://graph.microsoft.com/beta/security/attacksimulation/landingPages/1c345678-9abc-def0-123456789a"
},
},
};
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.Security.AttackSimulation.Simulations.PostAsync(requestBody);
mgc-beta security attack-simulation simulations create --body '{\
"displayName": "Graph Simulation",\
"payload@odata.bind": "https://graph.microsoft.com/beta/security/attacksimulation/payloads/12345678-9abc-def0-123456789a",\
"loginPage@odata.bind": "https://graph.microsoft.com/beta/security/attacksimulation/loginPages/1w345678-9abc-def0-123456789a",\
"landingPage@odata.bind": "https://graph.microsoft.com/beta/security/attacksimulation/landingPages/1c345678-9abc-def0-123456789a",\
"createdBy": {\
"email": "john@contoso.com"\
},\
"durationInDays": "3",\
"attackTechnique": "credentialHarvesting",\
"status": "scheduled",\
"includedAccountTarget": {\
"@odata.type": "#microsoft.graph.addressBookAccountTargetContent",\
"type": "addressBook",\
"accountTargetEmails": [\
"john@contoso.com"\
]\
},\
"trainingSetting": {\
"settingType": "noTraining"\
},\
"endUserNotificationSetting": {\
"notificationPreference": "microsoft",\
"settingType": "noTraining",\
"positiveReinforcement": {\
"deliveryPreference": "deliverAfterCampaignEnd",\
"endUserNotification@odata.bind": "https://graph.microsoft.com/beta/security/attacksimulation/endUserNotifications/1ewer3678-9abc-def0-123456789a",\
"defaultLanguage": "en"\
},\
"simulationNotification": {\
"targettedUserType": "compromised",\
"endUserNotification@odata.bind": "https://graph.microsoft.com/beta/security/attacksimulation/endUserNotifications/12wer3678-9abc-def0-123456789a",\
"defaultLanguage": "en"\
}\
}\
}\
'
// Code snippets are only available for the latest major version. Current major version is $v0.*
// Dependencies
import (
"context"
msgraphsdk "github.com/microsoftgraph/msgraph-beta-sdk-go"
graphmodels "github.com/microsoftgraph/msgraph-beta-sdk-go/models"
//other-imports
)
requestBody := graphmodels.NewSimulation()
displayName := "Graph Simulation"
requestBody.SetDisplayName(&displayName)
createdBy := graphmodels.NewEmailIdentity()
email := "john@contoso.com"
createdBy.SetEmail(&email)
requestBody.SetCreatedBy(createdBy)
durationInDays := int32(3)
requestBody.SetDurationInDays(&durationInDays)
attackTechnique := graphmodels.CREDENTIALHARVESTING_SIMULATIONATTACKTECHNIQUE
requestBody.SetAttackTechnique(&attackTechnique)
status := graphmodels.SCHEDULED_SIMULATIONSTATUS
requestBody.SetStatus(&status)
includedAccountTarget := graphmodels.NewAddressBookAccountTargetContent()
type := graphmodels.ADDRESSBOOK_ACCOUNTTARGETCONTENTTYPE
includedAccountTarget.SetType(&type)
accountTargetEmails := []string {
"john@contoso.com",
}
includedAccountTarget.SetAccountTargetEmails(accountTargetEmails)
requestBody.SetIncludedAccountTarget(includedAccountTarget)
trainingSetting := graphmodels.NewTrainingSetting()
settingType := graphmodels.NOTRAINING_TRAININGSETTINGTYPE
trainingSetting.SetSettingType(&settingType)
requestBody.SetTrainingSetting(trainingSetting)
endUserNotificationSetting := graphmodels.NewEndUserNotificationSetting()
notificationPreference := graphmodels.MICROSOFT_ENDUSERNOTIFICATIONPREFERENCE
endUserNotificationSetting.SetNotificationPreference(¬ificationPreference)
settingType := graphmodels.NOTRAINING_ENDUSERNOTIFICATIONSETTINGTYPE
endUserNotificationSetting.SetSettingType(&settingType)
positiveReinforcement := graphmodels.NewPositiveReinforcementNotification()
deliveryPreference := graphmodels.DELIVERAFTERCAMPAIGNEND_NOTIFICATIONDELIVERYPREFERENCE
positiveReinforcement.SetDeliveryPreference(&deliveryPreference)
defaultLanguage := "en"
positiveReinforcement.SetDefaultLanguage(&defaultLanguage)
additionalData := map[string]interface{}{
"endUserNotification@odata.bind" : "https://graph.microsoft.com/beta/security/attacksimulation/endUserNotifications/1ewer3678-9abc-def0-123456789a",
}
positiveReinforcement.SetAdditionalData(additionalData)
endUserNotificationSetting.SetPositiveReinforcement(positiveReinforcement)
additionalData := map[string]interface{}{
simulationNotification := graph.New()
targettedUserType := "compromised"
simulationNotification.SetTargettedUserType(&targettedUserType)
odataBind := "https://graph.microsoft.com/beta/security/attacksimulation/endUserNotifications/12wer3678-9abc-def0-123456789a"
simulationNotification.SetOdataBind(&odataBind)
defaultLanguage := "en"
simulationNotification.SetDefaultLanguage(&defaultLanguage)
endUserNotificationSetting.SetSimulationNotification(simulationNotification)
}
endUserNotificationSetting.SetAdditionalData(additionalData)
requestBody.SetEndUserNotificationSetting(endUserNotificationSetting)
additionalData := map[string]interface{}{
"payload@odata.bind" : "https://graph.microsoft.com/beta/security/attacksimulation/payloads/12345678-9abc-def0-123456789a",
"loginPage@odata.bind" : "https://graph.microsoft.com/beta/security/attacksimulation/loginPages/1w345678-9abc-def0-123456789a",
"landingPage@odata.bind" : "https://graph.microsoft.com/beta/security/attacksimulation/landingPages/1c345678-9abc-def0-123456789a",
}
requestBody.SetAdditionalData(additionalData)
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=go
simulations, err := graphClient.Security().AttackSimulation().Simulations().Post(context.Background(), requestBody, nil)
// Code snippets are only available for the latest version. Current version is 6.x
GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);
Simulation simulation = new Simulation();
simulation.setDisplayName("Graph Simulation");
EmailIdentity createdBy = new EmailIdentity();
createdBy.setEmail("john@contoso.com");
simulation.setCreatedBy(createdBy);
simulation.setDurationInDays(3);
simulation.setAttackTechnique(SimulationAttackTechnique.CredentialHarvesting);
simulation.setStatus(SimulationStatus.Scheduled);
AddressBookAccountTargetContent includedAccountTarget = new AddressBookAccountTargetContent();
includedAccountTarget.setOdataType("#microsoft.graph.addressBookAccountTargetContent");
includedAccountTarget.setType(AccountTargetContentType.AddressBook);
LinkedList<String> accountTargetEmails = new LinkedList<String>();
accountTargetEmails.add("john@contoso.com");
includedAccountTarget.setAccountTargetEmails(accountTargetEmails);
simulation.setIncludedAccountTarget(includedAccountTarget);
TrainingSetting trainingSetting = new TrainingSetting();
trainingSetting.setSettingType(TrainingSettingType.NoTraining);
simulation.setTrainingSetting(trainingSetting);
EndUserNotificationSetting endUserNotificationSetting = new EndUserNotificationSetting();
endUserNotificationSetting.setNotificationPreference(EndUserNotificationPreference.Microsoft);
endUserNotificationSetting.setSettingType(EndUserNotificationSettingType.NoTraining);
PositiveReinforcementNotification positiveReinforcement = new PositiveReinforcementNotification();
positiveReinforcement.setDeliveryPreference(NotificationDeliveryPreference.DeliverAfterCampaignEnd);
positiveReinforcement.setDefaultLanguage("en");
HashMap<String, Object> additionalData = new HashMap<String, Object>();
additionalData.put("endUserNotification@odata.bind", "https://graph.microsoft.com/beta/security/attacksimulation/endUserNotifications/1ewer3678-9abc-def0-123456789a");
positiveReinforcement.setAdditionalData(additionalData);
endUserNotificationSetting.setPositiveReinforcement(positiveReinforcement);
HashMap<String, Object> additionalData1 = new HashMap<String, Object>();
simulationNotification = new ();
simulationNotification.setTargettedUserType("compromised");
simulationNotification.setEndUserNotificationOdataBind("https://graph.microsoft.com/beta/security/attacksimulation/endUserNotifications/12wer3678-9abc-def0-123456789a");
simulationNotification.setDefaultLanguage("en");
additionalData1.put("simulationNotification", simulationNotification);
endUserNotificationSetting.setAdditionalData(additionalData1);
simulation.setEndUserNotificationSetting(endUserNotificationSetting);
HashMap<String, Object> additionalData2 = new HashMap<String, Object>();
additionalData2.put("payload@odata.bind", "https://graph.microsoft.com/beta/security/attacksimulation/payloads/12345678-9abc-def0-123456789a");
additionalData2.put("loginPage@odata.bind", "https://graph.microsoft.com/beta/security/attacksimulation/loginPages/1w345678-9abc-def0-123456789a");
additionalData2.put("landingPage@odata.bind", "https://graph.microsoft.com/beta/security/attacksimulation/landingPages/1c345678-9abc-def0-123456789a");
simulation.setAdditionalData(additionalData2);
Simulation result = graphClient.security().attackSimulation().simulations().post(simulation);
const options = {
authProvider,
};
const client = Client.init(options);
const simulation = {
displayName: 'Graph Simulation',
'payload@odata.bind': 'https://graph.microsoft.com/beta/security/attacksimulation/payloads/12345678-9abc-def0-123456789a',
'loginPage@odata.bind': 'https://graph.microsoft.com/beta/security/attacksimulation/loginPages/1w345678-9abc-def0-123456789a',
'landingPage@odata.bind': 'https://graph.microsoft.com/beta/security/attacksimulation/landingPages/1c345678-9abc-def0-123456789a',
createdBy: {
email: 'john@contoso.com'
},
durationInDays: '3',
attackTechnique: 'credentialHarvesting',
status: 'scheduled',
includedAccountTarget: {
'@odata.type': '#microsoft.graph.addressBookAccountTargetContent',
type: 'addressBook',
accountTargetEmails: [
'john@contoso.com'
]
},
trainingSetting: {
settingType: 'noTraining'
},
endUserNotificationSetting: {
notificationPreference: 'microsoft',
settingType: 'noTraining',
positiveReinforcement: {
deliveryPreference: 'deliverAfterCampaignEnd',
'endUserNotification@odata.bind': 'https://graph.microsoft.com/beta/security/attacksimulation/endUserNotifications/1ewer3678-9abc-def0-123456789a',
defaultLanguage: 'en'
},
simulationNotification: {
targettedUserType: 'compromised',
'endUserNotification@odata.bind': 'https://graph.microsoft.com/beta/security/attacksimulation/endUserNotifications/12wer3678-9abc-def0-123456789a',
defaultLanguage: 'en'
}
}
};
await client.api('/security/attackSimulation/simulations')
.version('beta')
.post(simulation);
<?php
use Microsoft\Graph\Beta\GraphServiceClient;
use Microsoft\Graph\Beta\Generated\Models\Simulation;
use Microsoft\Graph\Beta\Generated\Models\EmailIdentity;
use Microsoft\Graph\Beta\Generated\Models\SimulationAttackTechnique;
use Microsoft\Graph\Beta\Generated\Models\SimulationStatus;
use Microsoft\Graph\Beta\Generated\Models\AddressBookAccountTargetContent;
use Microsoft\Graph\Beta\Generated\Models\AccountTargetContentType;
use Microsoft\Graph\Beta\Generated\Models\TrainingSetting;
use Microsoft\Graph\Beta\Generated\Models\TrainingSettingType;
use Microsoft\Graph\Beta\Generated\Models\EndUserNotificationSetting;
use Microsoft\Graph\Beta\Generated\Models\EndUserNotificationPreference;
use Microsoft\Graph\Beta\Generated\Models\EndUserNotificationSettingType;
use Microsoft\Graph\Beta\Generated\Models\PositiveReinforcementNotification;
use Microsoft\Graph\Beta\Generated\Models\NotificationDeliveryPreference;
$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);
$requestBody = new Simulation();
$requestBody->setDisplayName('Graph Simulation');
$createdBy = new EmailIdentity();
$createdBy->setEmail('john@contoso.com');
$requestBody->setCreatedBy($createdBy);
$requestBody->setDurationInDays(3);
$requestBody->setAttackTechnique(new SimulationAttackTechnique('credentialHarvesting'));
$requestBody->setStatus(new SimulationStatus('scheduled'));
$includedAccountTarget = new AddressBookAccountTargetContent();
$includedAccountTarget->setOdataType('#microsoft.graph.addressBookAccountTargetContent');
$includedAccountTarget->setType(new AccountTargetContentType('addressBook'));
$includedAccountTarget->setAccountTargetEmails(['john@contoso.com', ]);
$requestBody->setIncludedAccountTarget($includedAccountTarget);
$trainingSetting = new TrainingSetting();
$trainingSetting->setSettingType(new TrainingSettingType('noTraining'));
$requestBody->setTrainingSetting($trainingSetting);
$endUserNotificationSetting = new EndUserNotificationSetting();
$endUserNotificationSetting->setNotificationPreference(new EndUserNotificationPreference('microsoft'));
$endUserNotificationSetting->setSettingType(new EndUserNotificationSettingType('noTraining'));
$endUserNotificationSettingPositiveReinforcement = new PositiveReinforcementNotification();
$endUserNotificationSettingPositiveReinforcement->setDeliveryPreference(new NotificationDeliveryPreference('deliverAfterCampaignEnd'));
$endUserNotificationSettingPositiveReinforcement->setDefaultLanguage('en');
$additionalData = [
'endUserNotification@odata.bind' => 'https://graph.microsoft.com/beta/security/attacksimulation/endUserNotifications/1ewer3678-9abc-def0-123456789a',
];
$endUserNotificationSettingPositiveReinforcement->setAdditionalData($additionalData);
$endUserNotificationSetting->setPositiveReinforcement($endUserNotificationSettingPositiveReinforcement);
$additionalData = [
'simulationNotification' => [
'targettedUserType' => 'compromised',
'endUserNotification@odata.bind' => 'https://graph.microsoft.com/beta/security/attacksimulation/endUserNotifications/12wer3678-9abc-def0-123456789a',
'defaultLanguage' => 'en',
],
];
$endUserNotificationSetting->setAdditionalData($additionalData);
$requestBody->setEndUserNotificationSetting($endUserNotificationSetting);
$additionalData = [
'payload@odata.bind' => 'https://graph.microsoft.com/beta/security/attacksimulation/payloads/12345678-9abc-def0-123456789a',
'loginPage@odata.bind' => 'https://graph.microsoft.com/beta/security/attacksimulation/loginPages/1w345678-9abc-def0-123456789a',
'landingPage@odata.bind' => 'https://graph.microsoft.com/beta/security/attacksimulation/landingPages/1c345678-9abc-def0-123456789a',
];
$requestBody->setAdditionalData($additionalData);
$result = $graphServiceClient->security()->attackSimulation()->simulations()->post($requestBody)->wait();
Import-Module Microsoft.Graph.Beta.Security
$params = @{
displayName = "Graph Simulation"
"payload@odata.bind" = "https://graph.microsoft.com/beta/security/attacksimulation/payloads/12345678-9abc-def0-123456789a"
"loginPage@odata.bind" = "https://graph.microsoft.com/beta/security/attacksimulation/loginPages/1w345678-9abc-def0-123456789a"
"landingPage@odata.bind" = "https://graph.microsoft.com/beta/security/attacksimulation/landingPages/1c345678-9abc-def0-123456789a"
createdBy = @{
email = "john@contoso.com"
}
durationInDays = "3"
attackTechnique = "credentialHarvesting"
status = "scheduled"
includedAccountTarget = @{
"@odata.type" = "#microsoft.graph.addressBookAccountTargetContent"
type = "addressBook"
accountTargetEmails = @(
"john@contoso.com"
)
}
trainingSetting = @{
settingType = "noTraining"
}
endUserNotificationSetting = @{
notificationPreference = "microsoft"
settingType = "noTraining"
positiveReinforcement = @{
deliveryPreference = "deliverAfterCampaignEnd"
"endUserNotification@odata.bind" = "https://graph.microsoft.com/beta/security/attacksimulation/endUserNotifications/1ewer3678-9abc-def0-123456789a"
defaultLanguage = "en"
}
simulationNotification = @{
targettedUserType = "compromised"
"endUserNotification@odata.bind" = "https://graph.microsoft.com/beta/security/attacksimulation/endUserNotifications/12wer3678-9abc-def0-123456789a"
defaultLanguage = "en"
}
}
}
New-MgBetaSecurityAttackSimulation -BodyParameter $params
# Code snippets are only available for the latest version. Current version is 1.x
from msgraph_beta import GraphServiceClient
from msgraph_beta.generated.models.simulation import Simulation
from msgraph_beta.generated.models.email_identity import EmailIdentity
from msgraph_beta.generated.models.simulation_attack_technique import SimulationAttackTechnique
from msgraph_beta.generated.models.simulation_status import SimulationStatus
from msgraph_beta.generated.models.address_book_account_target_content import AddressBookAccountTargetContent
from msgraph_beta.generated.models.account_target_content_type import AccountTargetContentType
from msgraph_beta.generated.models.training_setting import TrainingSetting
from msgraph_beta.generated.models.training_setting_type import TrainingSettingType
from msgraph_beta.generated.models.end_user_notification_setting import EndUserNotificationSetting
from msgraph_beta.generated.models.end_user_notification_preference import EndUserNotificationPreference
from msgraph_beta.generated.models.end_user_notification_setting_type import EndUserNotificationSettingType
from msgraph_beta.generated.models.positive_reinforcement_notification import PositiveReinforcementNotification
from msgraph_beta.generated.models.notification_delivery_preference import NotificationDeliveryPreference
# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python
request_body = Simulation(
display_name = "Graph Simulation",
created_by = EmailIdentity(
email = "john@contoso.com",
),
duration_in_days = 3,
attack_technique = SimulationAttackTechnique.CredentialHarvesting,
status = SimulationStatus.Scheduled,
included_account_target = AddressBookAccountTargetContent(
odata_type = "#microsoft.graph.addressBookAccountTargetContent",
type = AccountTargetContentType.AddressBook,
account_target_emails = [
"john@contoso.com",
],
),
training_setting = TrainingSetting(
setting_type = TrainingSettingType.NoTraining,
),
end_user_notification_setting = EndUserNotificationSetting(
notification_preference = EndUserNotificationPreference.Microsoft,
setting_type = EndUserNotificationSettingType.NoTraining,
positive_reinforcement = PositiveReinforcementNotification(
delivery_preference = NotificationDeliveryPreference.DeliverAfterCampaignEnd,
default_language = "en",
additional_data = {
"end_user_notification@odata_bind" : "https://graph.microsoft.com/beta/security/attacksimulation/endUserNotifications/1ewer3678-9abc-def0-123456789a",
}
),
additional_data = {
"simulation_notification" : {
"targetted_user_type" : "compromised",
"end_user_notification@odata_bind" : "https://graph.microsoft.com/beta/security/attacksimulation/endUserNotifications/12wer3678-9abc-def0-123456789a",
"default_language" : "en",
},
}
),
additional_data = {
"payload@odata_bind" : "https://graph.microsoft.com/beta/security/attacksimulation/payloads/12345678-9abc-def0-123456789a",
"login_page@odata_bind" : "https://graph.microsoft.com/beta/security/attacksimulation/loginPages/1w345678-9abc-def0-123456789a",
"landing_page@odata_bind" : "https://graph.microsoft.com/beta/security/attacksimulation/landingPages/1c345678-9abc-def0-123456789a",
}
)
result = await graph_client.security.attack_simulation.simulations.post(request_body)
The following example shows the response.