Hey everyone! I'm a sys admin searching for a phishing simulation provider that allows the use of custom email templates and replicates a realistic Microsoft 365 sign-in screen. I'm interested in crafting email templates based on actual attacks we've faced in the past. Previously, I used Trend Vision One, but the new interface has been quite frustrating. While I've looked into CanIPhish, the 365 sign-in page it offers isn't convincing enough for my users. Since we're a small business with fewer than 100 users and fully integrated into the 365 cloud, I need a service that closely mimics the 365 sign-in experience. I also checked out KnowBe4, but it seems a bit too extensive for what we need.
5 Answers
It really depends on your license level. If you're on an E5 subscription, there's phishing training included through Microsoft. Check out their Attack Simulation Training [here](https://learn.microsoft.com/en-us/defender-office-365/attack-simulation-training-get-started). That said, if you're only on Business Premium, upgrading to E5 can be quite pricey, especially for a small team.
KnowBe4 can handle custom templates and training pretty seamlessly. Might be worth a second look!
We’ve recently implemented GoPhish, and while it’s a bit tricky to set up, it’s free, open-source, and gives you a lot of control over your simulations. I think it's worth the effort!
I'm looking into setting up GoPhish as we speak! What kind of training do you use alongside it?
As someone mentioned earlier, Microsoft does have its Attack Simulation Training. To use it effectively, you’ll need Defender for Office 365 Plan 2 or an E5 subscription, which lets you create custom templates and use 365-style login pages. If you’re stuck on Business Premium/E3 without Plan 2, you might end up paying extra for that. Alternatively, for more control, you could look at GoPhish. It lets you customize templates and track user responses, but it requires more setup work.
Boxphish might be a good option to consider. I've heard some positive feedback about it for phishing simulations.
Thanks for the info! I did check Microsoft’s phishing simulation, but upgrading to E5 would be a big jump for us. Still weighing our options.