Office 365 will now allow businesses to run phishing simulations

In almost all scenarios, businesses want phishing emails - especially those containing malicious files - to be blocked before ever landing in the target inbox. 

However, for the purposes of training and raising awareness, Microsoft will soon allow admins to deliberately push select messages through email filters.

According to the company's feature roadmap page, this will be made possible via a self-remediation portal, which will allow Office 365 admins to blacklist or whitelist certain items - even those caught by the Office 365 Exchange Online Protection (EOP) filtering stack.

"We understand that from time to time, customers may want to ensure delivery of certain messages containing malicious content for specific reasons, such as phishing simulations and training," said the company.

"In order to provide a way for our customers to easily reconcile this at time of click and during mail flow, we're developing a portal to help you self-remediate."

Office 365 Advanced Threat Protection (ATP) will also offer users an Attack Simulator tool, which will enable admins to run spear phishing, password spray and brute force attack simulations to test employees.

According to Microsoft, the new features should roll out globally at some point in Q3 2020.

Phishing emails continue to be one of the main attack vectors for cybercriminals. Often overworked and rushing to complete tasks, employees sometimes fail to double-check where an email is coming from, putting themselves and their organization at risk.

A strong commitment to training staff is considered one of the best ways to safeguard against attacks of this kind.