API & Integrations - Microsoft Attack Simulation Integration

This article contains information on integrating Microsoft Attack Simulation data into Mimecast's Human Risk Management platform, enhancing risk analysis and mitigation by leveraging simulation insights to address human-centric cybersecurity challenges.

Overview

The integration between Microsoft Attack Simulation and Mimecast’s Human Risk Platform represents a significant advancement in organizational cybersecurity. By ingesting user interaction data from Microsoft’s simulated phishing campaigns, Mimecast’s platform can update user risk scores in real time, enabling security teams to:

  • Monitor user behavior during phishing simulations.
  • Identify high-risk users based on their actions (e.g., clicking links, submitting credentials).
  • Deploy targeted training to address specific vulnerabilities.
  • Enhance overall security posture by proactively addressing human risk factors.

This integration can be accessed from the Human Risk Command Center, which is available to all Mimecast Email Security Cloud Gateway customers. 

Considerations

Before implementing the integration, organizations should be aware of several important factors:

  • Data Scope: Only events generated after activation are ingested. Historical data is not imported, ensuring existing user risk scores remain unaffected.
  • Accessibility: Available to all Mimecast Email Security Cloud Gateway customers using the Human Risk Command Center, not limited to Mimecast Engage users.
  • Deployment Time: Configuration can be completed within minutes, but it may take up to 24 hours for new phishing-related scores to appear in the Human Risk Command Center Dashboard.
  • Regional Support: Separate Azure applications are created for different regions (e.g., US, UK, DE, AU) to comply with data residency requirements.

These considerations help ensure a smooth onboarding process and maintain data integrity.

Prerequisites

Successful deployment of the integration requires meeting specific licensing, technical, and administrative prerequisites:

  • Mimecast Licensing: Access to Mimecast Engage or the Human Risk Command Center.
  • Microsoft Licensing: This Human Risk Management (HRM) integration requires access to Attack Simulation Training, a feature of Microsoft Defender for Office Plan 2. This is included with the following licenses:
  • Technical Setup: Registration of an application in Microsoft Entra ID (Azure AD) with the AttackSimulation.Read.All permissions granted via admin consent.
  • API Access: The organization’s Microsoft tenant must be configured to allow API access for the integration.

Ensuring these prerequisites are met is essential for a seamless integration experience.

Permission

The integration requires specific administrative roles within Mimecast and Microsoft environments to ensure secure and controlled access:

  • Mimecast
    • Global Sys Admin
    • Sys Admin - SD Full
    • Super Administrator
    • Full Administrator
    • Basic Administrator
    • Partner Administrator
    • Custom roles with Integrations Marketplace Read/Write permissions
  • Microsoft
    • Admin consent for the AttackSimulation.Read.All permissions in Azure AD (Microsoft Entra ID)

Only authorized personnel with these roles can configure, edit, or delete the integration, maintaining operational integrity and security.
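
Once admin consent has been granted, the consent can be checked against the single permission this article names. The following is an added example, not Mimecast or Microsoft code: it compares records shaped like Microsoft Graph output (the resource's appRoles, the enterprise application's appRoleAssignments and its oauth2PermissionGrants) against AttackSimulation.Read.All. The sample records, the function name and every GUID are constructed placeholders.

```python
# Added example: least-privilege check of the consent granted to the integration.
# Input records are constructed, shaped like Microsoft Graph responses
# (servicePrincipal.appRoles, appRoleAssignments, oauth2PermissionGrants).
# Every GUID below is a placeholder, not a real identifier.

EXPECTED = {"AttackSimulation.Read.All"}  # the permission the article names


def audit_consent(resource_app_roles, app_role_assignments, delegated_grants,
                  expected=EXPECTED):
    """Return granted, unexpected and missing permissions for one enterprise app."""
    role_names = {r["id"]: r["value"] for r in resource_app_roles}
    granted = set()
    # Application permissions: each assignment points at an appRole id.
    for a in app_role_assignments:
        granted.add(role_names.get(a["appRoleId"], "unresolved:" + a["appRoleId"]))
    # Delegated permissions: 'scope' is a space-separated string.
    for g in delegated_grants:
        granted.update(g.get("scope", "").split())
    return {
        "granted": sorted(granted),
        "unexpected": sorted(granted - expected),  # review anything listed here
        "missing": sorted(expected - granted),     # integration cannot read data
    }


# Constructed sample: a subset of resource roles with placeholder ids.
SAMPLE_ROLES = [
    {"id": "aaaaaaaa-0000-0000-0000-000000000001", "value": "AttackSimulation.Read.All"},
    {"id": "aaaaaaaa-0000-0000-0000-000000000002", "value": "Mail.Read"},
]
CLEAN_ASSIGNMENTS = [{"appRoleId": "aaaaaaaa-0000-0000-0000-000000000001"}]
DRIFTED_ASSIGNMENTS = CLEAN_ASSIGNMENTS + [
    {"appRoleId": "aaaaaaaa-0000-0000-0000-000000000002"},  # extra role added later
    {"appRoleId": "aaaaaaaa-0000-0000-0000-0000000000ff"},  # id not in the role list
]

if __name__ == "__main__":
    print(audit_consent(SAMPLE_ROLES, CLEAN_ASSIGNMENTS, []))
    print(audit_consent(SAMPLE_ROLES, DRIFTED_ASSIGNMENTS, [{"scope": "User.Read"}]))
```

An empty "unexpected" list and an empty "missing" list mean the enterprise application holds exactly the permission listed above; any other result is worth reviewing before the integration is left in place.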

Integration Configuration

The integration and configuration process is designed to be straightforward and secure. Below is a step-by-step summary:

  1. Log in to the Mimecast Administrator Console.
  2. Navigate to Integrations | Integrations Hub.
  3. Click Configure New on the Microsoft Attack Simulation tile.
  4. Fill in the Details:
    • Application Name
    • Description
  5. After filling in the details, click Authorize.

When starting the authorization flow for Microsoft Attack Simulation, you will be redirected to an authorization pop-up. Please complete the authorization flow to allow Mimecast to access Microsoft Attack Simulation.

  6. Log in or select the user account you wish to use.
  7. Click Accept on the Microsoft Permissions requested pop-up.
  8. You will receive a pop-up message confirming the Success of the integration.
  9. Once the integration is successful, refresh and the status will change to Connected.
  10. While on the Mimecast Administrator Console, navigate to Human Risk Command Center | Dashboard.
  11. The new integration will appear under Human Risk Behaviors as Simulated Phishing.
  12. Click the drop-down to expand Simulated Phishing under Human Risk Behaviors.
  13. Then, once expanded, click View Details.
  14. You can view a list of Events over time, individual performance, score breakdown, and the latest events for simulated phishing.
  15. Clicking on the Latest Events tab allows the administrator to view the Individual Risk Profile by clicking on one user under the individual list.