This article contains information on Direct Message Injection (DMI) in Awareness Training, a feature that securely delivers phishing simulation emails directly to users' inboxes, bypassing email filters, ensuring realistic training, and maintaining tenant security.
| Q | What is Direct Message Injection (DMI) in Awareness Training? |
| A | Direct Message Injection (DMI) in Awareness Training is a feature that allows administrators to deliver simulated phishing emails directly into users' mailboxes. This bypasses traditional email routing, ensuring phishing simulations are not affected by spam filters or security getaways. |
| Q | How does DMI benefit phishing simulations in multi-tenant environments? |
| A |
|
| Q | Is DMI secure when used for phishing simulations across multiple tenants? |
| A | Yes. Awareness Training enforces strict separation between tenants, so only authorized administrators can inject messages for their own users. Proper authentication and consent are required as part of the initial DMI integration configuration within the integration hub. |
| Q | Will users know the email is a simulation if DMI is used? |
| A | No. DMI delivers simulations directly to inboxes, so they look indistinguishable from real phishing attempts. This realistic delivery is crucial for effective training. |
| Q | Is DMI activity for phishing simulations auditable? |
| A |
Yes. Awareness Training provides audit log entries when:
Awareness Training will also show if the simulation was successfully delivered to a user or if an error occurred on the phishing campaign table. |
| Q | What happens if a user reports a DMI-injected phishing simulation as a real threat? |
| A | The end user will have the same experience they do currently when reporting a phishing simulation within a Microsoft365 environment. |
| Q | Are there any risks or recommendations for DMI phishing simulations in multi-tenant accounts? |
| A |
|
Comments
Please sign in to leave a comment.