Phishing campaigns remain a top concern for security teams worldwide...
3.4 billion malicious emails are sent every day.
And Verizon’s 2023 DBIR found that 36% of all data breaches involved phishing.
Weighing up whether or not to use Microsoft Defender for Office 365 for your attack simulation training?
Below, we'll cover all the information you need to make an informed decision: the mechanics of phishing simulations, the realistic results you can expect to achieve, and how to get maximum value whichever solution you choose.
What is attack simulation training?
Attack simulation training is a cybersecurity strategy that mimics phishing attacks to teach employees how to recognize and respond to cyber threats.
By simulating real-world attacks, organizations can measure employees' susceptibility to phishing, provide targeted education, and enhance their overall security posture.
Why do security teams use this kind of training?
Phishing attacks will usually target either your organization as a whole, or specific individuals (often C-level executives, directors, or managers).
Attackers will find and gather information on social media to create personalized phishing attacks.
And whilst some attackers are amateurs using more primitive methods, others are experts who will use sophisticated tactics to access your organization's sensitive information.
97% of companies have been the target of a sophisticated phishing attack...
And 90% of corporate security breaches are the result of email-based phishing attacks.
You need simulations to create lasting behavior change
The data is clear: raising awareness alone just isn't effective.
This is why organizations use training campaigns that actually simulate malicious emails - so that employees get frequent practice dealing with realistic threats.
If you already have compliance-based training in place, you'll need to take this a step further to build a strong human firewall that can actually prevent and mitigate the impact of potential threats.
To change employee behavior in any measurable way, continuous practical training is needed.
No matter what filters you have in place, there will always be advanced email threats that manage to make their way to your employees' inboxes.
And without regular simulations and practice, employees won’t have the skills or confidence to catch them.
By simulating real threats in a controlled environment, you can give employees a feel for what different types of attacks look like in the wild... and start forming positive habits.
These habits aren't built overnight though.
So, at Hoxhunt we aim to send users at least 36 simulations a year (one every 10 days).
How does Microsoft's attack simulation training work?
- Create template: Design and validate the phishing template, ensuring all HTML formatting is correct.
- Technical test: Check that links work across all browsers (IE, Firefox, Chrome, Edge).
- First pilot test: Send the simulation to a small test group (up to 5 users) to verify functionality.
- Landing page: Develop and review an English version of the landing page with the corporate communications team.
- Translate page: Localize the landing page into all necessary languages.
- Standard response: Using Microsoft Power Apps, create automated replies for users who report phishing successfully.
- Second pilot test: Resend the simulation to the test group, confirming all elements work seamlessly.
- Group recipients: Create Office 365 sub-groups of up to 500 users, as Microsoft limits simulations per group.
- Notify service desk and IT: Communicate launch details to support teams for any user inquiries.
- Launch campaign: Initiate the phishing campaign for all employees.
- Collect feedback: Gather recipient feedback and Net Promoter Score (NPS).
- Monitor and report: Track results for one week and report findings.
- Review feedback: Analyze employee responses to improve future simulations.
- Retrospective: Document lessons learned and insights from the campaign.

Drawbacks of using Microsoft Defender for attack simulation training
- Limited scenario variety: While it includes basic phishing simulations, Defender lacks advanced, evolving threats like vishing, whaling, or clone phishing, which are essential for thorough employee training.
- Customization constraints: Defender’s templates offer limited customization options, which can lead to repetitive training experiences and may not cover specific threats tailored to different organizational roles.
- Complex setup and management: Many users report a steeper learning curve and setup complexity, which can demand additional IT resources, especially outside the Office 365 ecosystem.
- Standardized automation: While Defender offers automation for campaigns, it lacks adaptive learning. This means scenarios won't dynamically adjust to employee performance levels.
- Basic reporting: Defender provides email reporting, but it may require significant manual effort to interpret insights.
Hoxhunt vs Microsoft Defender for Office 365
*All insights below are based on real customer reviews.
Ease of use
Hoxhunt
- Easy, intuitive interface accessible to all employee skill levels
- Minimal technical setup and IT support required
- Strong customer support for troubleshooting and setup assistance
- Designed for scalability, making it suitable for companies of varying sizes
Microsoft
- Works well within Office 365 environment but setup can be complex for new users
- Requires technical expertise for optimal configuration
- Interface may be less intuitive for users unfamiliar with Defender’s ecosystem
- Initial learning curve for non-technical staff may slow implementation
Variety of simulations
Hoxhunt
- Extensive range of phishing scenarios, regularly updated to reflect current trends
- Scenario diversity helps reduce simulation fatigue and maintain employee engagement
- Tiered simulations cater to employees with different skill levels, from beginner to advanced
- Realistic, personalized simulations that mimic real-life attack tactics
Microsoft
- Offers a solid range of basic and intermediate phishing templates
- Limited scenario customization options and less frequent updates compared to Hoxhunt
- Templates address a broad range of industries but may lack specificity for highly targeted sectors
- Simulation variety might not fully represent the latest attack vectors
Automation
Hoxhunt
- AI-driven automation tailors simulation difficulty, frequency, and timing to individual user performance
- Automated follow-ups and reminders increase engagement without manual intervention
- Allows administrators to focus on strategy instead of manually managing the tool
- Adaptive learning technology personalizes experience without heavy administrative load
Microsoft
- Basic automation features enable scheduling and template selection
- Requires some configuration, with limited template adaptability
- Automation is effective but lacks the advanced, personalized approach of Hoxhunt
- Can become repetitive without adaptive learning, potentially lowering engagement over time
Realism of simulations
Hoxhunt
- Scenarios closely resemble real-world phishing tactics, including complex, high-stakes simulations
- Designed to be challenging, prompting users to critically analyze each email
- Uses realistic design elements (e.g., branding, grammar) to enhance credibility
- Frequently updated with real-world cases to maintain relevance
Microsoft
- Effective realism but sometimes lacks the depth and engagement of Hoxhunt’s simulations
- Templates are realistic but may not keep up with emerging attack styles as rapidly
- Design is credible but may lack the creative variety found in competitor tools
- Suited for general phishing scenarios but could be less challenging for advanced users
Reporting
Hoxhunt
- Comprehensive, detailed insights into user performance and simulation success rates
- Data visualization tools make it easy to interpret trends at a glance
- Tracks user behavior improvements over time, providing actionable feedback
- Exportable reports that allow for further analysis and team-wide reviews
Microsoft
- Integrated email reporting with Office 365, offering a centralized view of user performance
- Requires technical understanding to interpret data thoroughly
- Excellent integration with Microsoft environment, simplifying management for Office 365 administrators
- Lacks advanced, visualized insights compared to Hoxhunt, which may limit strategic analysis
Personalization & adaptive learning paths
Hoxhunt
- Uses AI to adjust phishing simulations to each user’s skill level and improvement rate
- Adaptive learning paths ensure simulations remain engaging and appropriately challenging
- Personalization fosters a sense of relevance, with scenarios suited to employee roles
- Allows customized learning paths for employees based on their progress
Microsoft
- Some customization available for user groups or specific departments
- Lacks fully adaptive learning, resulting in less tailored employee training
- Templates can be assigned to groups but don’t adjust dynamically based on individual progress
- Personalization requires manual input and lacks automated adaptive responses







