Namespace: microsoft.graph
Update an attack simulation campaign for a tenant.
This API is available in the following national cloud deployments.
| Global service |
US Government L4 |
US Government L5 (DOD) |
China operated by 21Vianet |
| ✅ |
❌ |
❌ |
❌ |
Permissions
Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions only if your app requires it. For details about delegated and application permissions, see Permission types. To learn more about these permissions, see the permissions reference.
| Permission type |
Least privileged permissions |
Higher privileged permissions |
| Delegated (work or school account) |
AttackSimulation.ReadWrite.All |
Not available. |
| Delegated (personal Microsoft account) |
Not supported. |
Not supported. |
| Application |
AttackSimulation.ReadWrite.All |
Not available. |
HTTP request
PATCH /security/attackSimulation/simulations/{simulationId}
Request body
In the request body, supply only the values for properties to update. Existing properties that aren't included in the request body maintain their previous values or are recalculated based on changes to other property values.
The following table specifies the properties that can be updated.
| Property |
Type |
Description |
| attackTechnique |
simulationAttackTechnique |
The social engineering technique used in the attack simulation and training campaign. Supports $filter and $orderby. Possible values are: unknown, credentialHarvesting, attachmentMalware, driveByUrl, linkInAttachment, linkToMalwareFile, unknownFutureValue, oAuthConsentGrant. Use the Prefer: include-unknown-enum-members request header to get the following values from this evolvable enum: oAuthConsentGrant. For more information about the types of social engineering attack techniques, see simulations. |
| attackType |
simulationAttackType |
Attack type of the attack simulation and training campaign. Supports $filter and $orderby. Possible values are: unknown, social, cloud, endpoint, unknownFutureValue. |
| displayName |
String |
Display name of the attack simulation and training campaign. Supports $filter and $orderby. |
| durationInDays |
Int32 |
Simulation duration in days. |
| excludedAccountTarget |
accountTargetContent |
Users excluded from the simulation. |
| includedAccountTarget |
accountTargetContent |
Users targeted in the simulation. |
| payload |
payload |
Payload associated with the simulation. |
| status |
simulationStatus |
Status of the attack simulation and training campaign. Supports $filter and $orderby. Possible values are: unknown, draft, running, scheduled, succeeded, failed, cancelled, excluded, unknownFutureValue. |
Response
If successful, this method returns a 202 Accepted response code and a tracking header named location in the response.
Examples
Example 1: Update an attack simulation campaign
The following example shows how to update an attack simulation campaign for a tenant.
Request
The following example shows a request.
PATCH https://graph.microsoft.com/v1.0/security/attackSimulation/simulations/2f5548d1-0dd8-4cc8-9de0-e0d6ec7ea3dc
Content-type: application/json
{
"@odata.etag": "\"0100aa9b-0000-0100-0000-6396fa270000\"",
"displayName": "Graph Simulation",
"[email protected]":"https://graph.microsoft.com/v1.0/security/attacksimulation/payloads/12345678-9abc-def0-123456789a",
"durationInDays": 7,
"attackTechnique": "credentialHarvesting",
"attackType": "social",
"status": "scheduled",
"includedAccountTarget": {
"@odata.type": "#microsoft.graph.addressBookAccountTargetContent",
"type" : "addressBook",
"accountTargetEmails" : [
"[email protected]"
]
},
"excludedAccountTarget": {
"@odata.type": "#microsoft.graph.addressBookAccountTargetContent",
"type" : "addressBook",
"accountTargetEmails" : [
"[email protected]"
]
}
}
// Code snippets are only available for the latest version. Current version is 5.x
// Dependencies
using Microsoft.Graph.Models;
var requestBody = new Simulation
{
DisplayName = "Graph Simulation",
DurationInDays = 7,
AttackTechnique = SimulationAttackTechnique.CredentialHarvesting,
AttackType = SimulationAttackType.Social,
Status = SimulationStatus.Scheduled,
IncludedAccountTarget = new AddressBookAccountTargetContent
{
OdataType = "#microsoft.graph.addressBookAccountTargetContent",
Type = AccountTargetContentType.AddressBook,
AccountTargetEmails = new List<string>
{
"[email protected]",
},
},
ExcludedAccountTarget = new AddressBookAccountTargetContent
{
OdataType = "#microsoft.graph.addressBookAccountTargetContent",
Type = AccountTargetContentType.AddressBook,
AccountTargetEmails = new List<string>
{
"[email protected]",
},
},
AdditionalData = new Dictionary<string, object>
{
{
"@odata.etag" , "\"0100aa9b-0000-0100-0000-6396fa270000\""
},
{
"[email protected]" , "https://graph.microsoft.com/v1.0/security/attacksimulation/payloads/12345678-9abc-def0-123456789a"
},
},
};
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.Security.AttackSimulation.Simulations["{simulation-id}"].PatchAsync(requestBody);
For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.
mgc security attack-simulation simulations patch --simulation-id {simulation-id} --body '{\
"@odata.etag": "\"0100aa9b-0000-0100-0000-6396fa270000\"",\
"displayName": "Graph Simulation",\
"[email protected]":"https://graph.microsoft.com/v1.0/security/attacksimulation/payloads/12345678-9abc-def0-123456789a",\
"durationInDays": 7,\
"attackTechnique": "credentialHarvesting",\
"attackType": "social",\
"status": "scheduled",\
"includedAccountTarget": {\
"@odata.type": "#microsoft.graph.addressBookAccountTargetContent",\
"type" : "addressBook",\
"accountTargetEmails" : [\
"[email protected]"\
]\
},\
"excludedAccountTarget": {\
"@odata.type": "#microsoft.graph.addressBookAccountTargetContent",\
"type" : "addressBook",\
"accountTargetEmails" : [\
"[email protected]"\
]\
}\
}\
'
For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.
// Code snippets are only available for the latest major version. Current major version is $v1.*
// Dependencies
import (
"context"
msgraphsdk "github.com/microsoftgraph/msgraph-sdk-go"
graphmodels "github.com/microsoftgraph/msgraph-sdk-go/models"
//other-imports
)
requestBody := graphmodels.NewSimulation()
displayName := "Graph Simulation"
requestBody.SetDisplayName(&displayName)
durationInDays := int32(7)
requestBody.SetDurationInDays(&durationInDays)
attackTechnique := graphmodels.CREDENTIALHARVESTING_SIMULATIONATTACKTECHNIQUE
requestBody.SetAttackTechnique(&attackTechnique)
attackType := graphmodels.SOCIAL_SIMULATIONATTACKTYPE
requestBody.SetAttackType(&attackType)
status := graphmodels.SCHEDULED_SIMULATIONSTATUS
requestBody.SetStatus(&status)
includedAccountTarget := graphmodels.NewAddressBookAccountTargetContent()
type := graphmodels.ADDRESSBOOK_ACCOUNTTARGETCONTENTTYPE
includedAccountTarget.SetType(&type)
accountTargetEmails := []string {
"[email protected]",
}
includedAccountTarget.SetAccountTargetEmails(accountTargetEmails)
requestBody.SetIncludedAccountTarget(includedAccountTarget)
excludedAccountTarget := graphmodels.NewAddressBookAccountTargetContent()
type := graphmodels.ADDRESSBOOK_ACCOUNTTARGETCONTENTTYPE
excludedAccountTarget.SetType(&type)
accountTargetEmails := []string {
"[email protected]",
}
excludedAccountTarget.SetAccountTargetEmails(accountTargetEmails)
requestBody.SetExcludedAccountTarget(excludedAccountTarget)
additionalData := map[string]interface{}{
"@odata.etag" : "\"0100aa9b-0000-0100-0000-6396fa270000\"",
"[email protected]" : "https://graph.microsoft.com/v1.0/security/attacksimulation/payloads/12345678-9abc-def0-123456789a",
}
requestBody.SetAdditionalData(additionalData)
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=go
simulations, err := graphClient.Security().AttackSimulation().Simulations().BySimulationId("simulation-id").Patch(context.Background(), requestBody, nil)
For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.
// Code snippets are only available for the latest version. Current version is 6.x
GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);
Simulation simulation = new Simulation();
simulation.setDisplayName("Graph Simulation");
simulation.setDurationInDays(7);
simulation.setAttackTechnique(SimulationAttackTechnique.CredentialHarvesting);
simulation.setAttackType(SimulationAttackType.Social);
simulation.setStatus(SimulationStatus.Scheduled);
AddressBookAccountTargetContent includedAccountTarget = new AddressBookAccountTargetContent();
includedAccountTarget.setOdataType("#microsoft.graph.addressBookAccountTargetContent");
includedAccountTarget.setType(AccountTargetContentType.AddressBook);
LinkedList<String> accountTargetEmails = new LinkedList<String>();
accountTargetEmails.add("[email protected]");
includedAccountTarget.setAccountTargetEmails(accountTargetEmails);
simulation.setIncludedAccountTarget(includedAccountTarget);
AddressBookAccountTargetContent excludedAccountTarget = new AddressBookAccountTargetContent();
excludedAccountTarget.setOdataType("#microsoft.graph.addressBookAccountTargetContent");
excludedAccountTarget.setType(AccountTargetContentType.AddressBook);
LinkedList<String> accountTargetEmails1 = new LinkedList<String>();
accountTargetEmails1.add("[email protected]");
excludedAccountTarget.setAccountTargetEmails(accountTargetEmails1);
simulation.setExcludedAccountTarget(excludedAccountTarget);
HashMap<String, Object> additionalData = new HashMap<String, Object>();
additionalData.put("@odata.etag", "\"0100aa9b-0000-0100-0000-6396fa270000\"");
additionalData.put("[email protected]", "https://graph.microsoft.com/v1.0/security/attacksimulation/payloads/12345678-9abc-def0-123456789a");
simulation.setAdditionalData(additionalData);
Simulation result = graphClient.security().attackSimulation().simulations().bySimulationId("{simulation-id}").patch(simulation);
For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.
const options = {
authProvider,
};
const client = Client.init(options);
const simulation = {
'@odata.etag': '\"0100aa9b-0000-0100-0000-6396fa270000\"',
displayName: 'Graph Simulation',
'[email protected]':'https://graph.microsoft.com/v1.0/security/attacksimulation/payloads/12345678-9abc-def0-123456789a',
durationInDays: 7,
attackTechnique: 'credentialHarvesting',
attackType: 'social',
status: 'scheduled',
includedAccountTarget: {
'@odata.type': '#microsoft.graph.addressBookAccountTargetContent',
type: 'addressBook',
accountTargetEmails: [
'[email protected]'
]
},
excludedAccountTarget: {
'@odata.type': '#microsoft.graph.addressBookAccountTargetContent',
type: 'addressBook',
accountTargetEmails: [
'[email protected]'
]
}
};
await client.api('/security/attackSimulation/simulations/2f5548d1-0dd8-4cc8-9de0-e0d6ec7ea3dc')
.update(simulation);
For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.
<?php
use Microsoft\Graph\GraphServiceClient;
use Microsoft\Graph\Generated\Models\Simulation;
use Microsoft\Graph\Generated\Models\SimulationAttackTechnique;
use Microsoft\Graph\Generated\Models\SimulationAttackType;
use Microsoft\Graph\Generated\Models\SimulationStatus;
use Microsoft\Graph\Generated\Models\AddressBookAccountTargetContent;
use Microsoft\Graph\Generated\Models\AccountTargetContentType;
$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);
$requestBody = new Simulation();
$requestBody->setDisplayName('Graph Simulation');
$requestBody->setDurationInDays(7);
$requestBody->setAttackTechnique(new SimulationAttackTechnique('credentialHarvesting'));
$requestBody->setAttackType(new SimulationAttackType('social'));
$requestBody->setStatus(new SimulationStatus('scheduled'));
$includedAccountTarget = new AddressBookAccountTargetContent();
$includedAccountTarget->setOdataType('#microsoft.graph.addressBookAccountTargetContent');
$includedAccountTarget->setType(new AccountTargetContentType('addressBook'));
$includedAccountTarget->setAccountTargetEmails(['[email protected]', ]);
$requestBody->setIncludedAccountTarget($includedAccountTarget);
$excludedAccountTarget = new AddressBookAccountTargetContent();
$excludedAccountTarget->setOdataType('#microsoft.graph.addressBookAccountTargetContent');
$excludedAccountTarget->setType(new AccountTargetContentType('addressBook'));
$excludedAccountTarget->setAccountTargetEmails(['[email protected]', ]);
$requestBody->setExcludedAccountTarget($excludedAccountTarget);
$additionalData = [
'@odata.etag' => '\"0100aa9b-0000-0100-0000-6396fa270000\"',
'[email protected]' => 'https://graph.microsoft.com/v1.0/security/attacksimulation/payloads/12345678-9abc-def0-123456789a',
];
$requestBody->setAdditionalData($additionalData);
$result = $graphServiceClient->security()->attackSimulation()->simulations()->bySimulationId('simulation-id')->patch($requestBody)->wait();
For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.
# Code snippets are only available for the latest version. Current version is 1.x
from msgraph import GraphServiceClient
from msgraph.generated.models.simulation import Simulation
from msgraph.generated.models.simulation_attack_technique import SimulationAttackTechnique
from msgraph.generated.models.simulation_attack_type import SimulationAttackType
from msgraph.generated.models.simulation_status import SimulationStatus
from msgraph.generated.models.address_book_account_target_content import AddressBookAccountTargetContent
from msgraph.generated.models.account_target_content_type import AccountTargetContentType
# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python
request_body = Simulation(
display_name = "Graph Simulation",
duration_in_days = 7,
attack_technique = SimulationAttackTechnique.CredentialHarvesting,
attack_type = SimulationAttackType.Social,
status = SimulationStatus.Scheduled,
included_account_target = AddressBookAccountTargetContent(
odata_type = "#microsoft.graph.addressBookAccountTargetContent",
type = AccountTargetContentType.AddressBook,
account_target_emails = [
"[email protected]",
],
),
excluded_account_target = AddressBookAccountTargetContent(
odata_type = "#microsoft.graph.addressBookAccountTargetContent",
type = AccountTargetContentType.AddressBook,
account_target_emails = [
"[email protected]",
],
),
additional_data = {
"@odata_etag" : "\"0100aa9b-0000-0100-0000-6396fa270000\"",
"payload@odata_bind" : "https://graph.microsoft.com/v1.0/security/attacksimulation/payloads/12345678-9abc-def0-123456789a",
}
)
result = await graph_client.security.attack_simulation.simulations.by_simulation_id('simulation-id').patch(request_body)
For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.
Response
The following example shows the response.
HTTP/1.1 202 Accepted
Example 2: Update an attack simulation campaign from draft to scheduled
The following example shows how to schedule an attack simulation campaign. The simulation request is validated when scheduling a simulation. All the required parameters need to be propagated in such request.
Request
The following example shows a request.
PATCH https://graph.microsoft.com/v1.0/security/attackSimulation/simulations/2f5548d1-0dd8-4cc8-9de0-e0d6ec7ea3dc
Content-type: application/json
{
"@odata.etag": "\"0100aa9b-0000-0100-0000-6396fa270000\"",
"id": "2f5548d1-0dd8-4cc8-9de0-e0d6ec7ea3dc",
"displayName": "Graph Simulation",
"[email protected]":"https://graph.microsoft.com/v1.0/security/attacksimulation/payloads/12345678-9abc-def0-123456789a",
"durationInDays": 7,
"attackTechnique": "credentialHarvesting",
"attackType": "social",
"status": "scheduled",
"includedAccountTarget": {
"@odata.type": "#microsoft.graph.addressBookAccountTargetContent",
"type" : "addressBook",
"accountTargetEmails" : [
"[email protected]"
]
},
"excludedAccountTarget": {
"@odata.type": "#microsoft.graph.addressBookAccountTargetContent",
"type" : "addressBook",
"accountTargetEmails" : [
"[email protected]"
]
}
}
// Code snippets are only available for the latest version. Current version is 5.x
// Dependencies
using Microsoft.Graph.Models;
var requestBody = new Simulation
{
Id = "2f5548d1-0dd8-4cc8-9de0-e0d6ec7ea3dc",
DisplayName = "Graph Simulation",
DurationInDays = 7,
AttackTechnique = SimulationAttackTechnique.CredentialHarvesting,
AttackType = SimulationAttackType.Social,
Status = SimulationStatus.Scheduled,
IncludedAccountTarget = new AddressBookAccountTargetContent
{
OdataType = "#microsoft.graph.addressBookAccountTargetContent",
Type = AccountTargetContentType.AddressBook,
AccountTargetEmails = new List<string>
{
"[email protected]",
},
},
ExcludedAccountTarget = new AddressBookAccountTargetContent
{
OdataType = "#microsoft.graph.addressBookAccountTargetContent",
Type = AccountTargetContentType.AddressBook,
AccountTargetEmails = new List<string>
{
"[email protected]",
},
},
AdditionalData = new Dictionary<string, object>
{
{
"@odata.etag" , "\"0100aa9b-0000-0100-0000-6396fa270000\""
},
{
"[email protected]" , "https://graph.microsoft.com/v1.0/security/attacksimulation/payloads/12345678-9abc-def0-123456789a"
},
},
};
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.Security.AttackSimulation.Simulations["{simulation-id}"].PatchAsync(requestBody);
For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.
mgc security attack-simulation simulations patch --simulation-id {simulation-id} --body '{\
"@odata.etag": "\"0100aa9b-0000-0100-0000-6396fa270000\"",\
"id": "2f5548d1-0dd8-4cc8-9de0-e0d6ec7ea3dc",\
"displayName": "Graph Simulation",\
"[email protected]":"https://graph.microsoft.com/v1.0/security/attacksimulation/payloads/12345678-9abc-def0-123456789a",\
"durationInDays": 7,\
"attackTechnique": "credentialHarvesting",\
"attackType": "social",\
"status": "scheduled",\
"includedAccountTarget": {\
"@odata.type": "#microsoft.graph.addressBookAccountTargetContent",\
"type" : "addressBook",\
"accountTargetEmails" : [\
"[email protected]"\
]\
},\
"excludedAccountTarget": {\
"@odata.type": "#microsoft.graph.addressBookAccountTargetContent",\
"type" : "addressBook",\
"accountTargetEmails" : [\
"[email protected]"\
]\
}\
}\
'
For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.
// Code snippets are only available for the latest major version. Current major version is $v1.*
// Dependencies
import (
"context"
msgraphsdk "github.com/microsoftgraph/msgraph-sdk-go"
graphmodels "github.com/microsoftgraph/msgraph-sdk-go/models"
//other-imports
)
requestBody := graphmodels.NewSimulation()
id := "2f5548d1-0dd8-4cc8-9de0-e0d6ec7ea3dc"
requestBody.SetId(&id)
displayName := "Graph Simulation"
requestBody.SetDisplayName(&displayName)
durationInDays := int32(7)
requestBody.SetDurationInDays(&durationInDays)
attackTechnique := graphmodels.CREDENTIALHARVESTING_SIMULATIONATTACKTECHNIQUE
requestBody.SetAttackTechnique(&attackTechnique)
attackType := graphmodels.SOCIAL_SIMULATIONATTACKTYPE
requestBody.SetAttackType(&attackType)
status := graphmodels.SCHEDULED_SIMULATIONSTATUS
requestBody.SetStatus(&status)
includedAccountTarget := graphmodels.NewAddressBookAccountTargetContent()
type := graphmodels.ADDRESSBOOK_ACCOUNTTARGETCONTENTTYPE
includedAccountTarget.SetType(&type)
accountTargetEmails := []string {
"[email protected]",
}
includedAccountTarget.SetAccountTargetEmails(accountTargetEmails)
requestBody.SetIncludedAccountTarget(includedAccountTarget)
excludedAccountTarget := graphmodels.NewAddressBookAccountTargetContent()
type := graphmodels.ADDRESSBOOK_ACCOUNTTARGETCONTENTTYPE
excludedAccountTarget.SetType(&type)
accountTargetEmails := []string {
"[email protected]",
}
excludedAccountTarget.SetAccountTargetEmails(accountTargetEmails)
requestBody.SetExcludedAccountTarget(excludedAccountTarget)
additionalData := map[string]interface{}{
"@odata.etag" : "\"0100aa9b-0000-0100-0000-6396fa270000\"",
"[email protected]" : "https://graph.microsoft.com/v1.0/security/attacksimulation/payloads/12345678-9abc-def0-123456789a",
}
requestBody.SetAdditionalData(additionalData)
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=go
simulations, err := graphClient.Security().AttackSimulation().Simulations().BySimulationId("simulation-id").Patch(context.Background(), requestBody, nil)
For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.
// Code snippets are only available for the latest version. Current version is 6.x
GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);
Simulation simulation = new Simulation();
simulation.setId("2f5548d1-0dd8-4cc8-9de0-e0d6ec7ea3dc");
simulation.setDisplayName("Graph Simulation");
simulation.setDurationInDays(7);
simulation.setAttackTechnique(SimulationAttackTechnique.CredentialHarvesting);
simulation.setAttackType(SimulationAttackType.Social);
simulation.setStatus(SimulationStatus.Scheduled);
AddressBookAccountTargetContent includedAccountTarget = new AddressBookAccountTargetContent();
includedAccountTarget.setOdataType("#microsoft.graph.addressBookAccountTargetContent");
includedAccountTarget.setType(AccountTargetContentType.AddressBook);
LinkedList<String> accountTargetEmails = new LinkedList<String>();
accountTargetEmails.add("[email protected]");
includedAccountTarget.setAccountTargetEmails(accountTargetEmails);
simulation.setIncludedAccountTarget(includedAccountTarget);
AddressBookAccountTargetContent excludedAccountTarget = new AddressBookAccountTargetContent();
excludedAccountTarget.setOdataType("#microsoft.graph.addressBookAccountTargetContent");
excludedAccountTarget.setType(AccountTargetContentType.AddressBook);
LinkedList<String> accountTargetEmails1 = new LinkedList<String>();
accountTargetEmails1.add("[email protected]");
excludedAccountTarget.setAccountTargetEmails(accountTargetEmails1);
simulation.setExcludedAccountTarget(excludedAccountTarget);
HashMap<String, Object> additionalData = new HashMap<String, Object>();
additionalData.put("@odata.etag", "\"0100aa9b-0000-0100-0000-6396fa270000\"");
additionalData.put("[email protected]", "https://graph.microsoft.com/v1.0/security/attacksimulation/payloads/12345678-9abc-def0-123456789a");
simulation.setAdditionalData(additionalData);
Simulation result = graphClient.security().attackSimulation().simulations().bySimulationId("{simulation-id}").patch(simulation);
For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.
const options = {
authProvider,
};
const client = Client.init(options);
const simulation = {
'@odata.etag': '\"0100aa9b-0000-0100-0000-6396fa270000\"',
id: '2f5548d1-0dd8-4cc8-9de0-e0d6ec7ea3dc',
displayName: 'Graph Simulation',
'[email protected]':'https://graph.microsoft.com/v1.0/security/attacksimulation/payloads/12345678-9abc-def0-123456789a',
durationInDays: 7,
attackTechnique: 'credentialHarvesting',
attackType: 'social',
status: 'scheduled',
includedAccountTarget: {
'@odata.type': '#microsoft.graph.addressBookAccountTargetContent',
type: 'addressBook',
accountTargetEmails: [
'[email protected]'
]
},
excludedAccountTarget: {
'@odata.type': '#microsoft.graph.addressBookAccountTargetContent',
type: 'addressBook',
accountTargetEmails: [
'[email protected]'
]
}
};
await client.api('/security/attackSimulation/simulations/2f5548d1-0dd8-4cc8-9de0-e0d6ec7ea3dc')
.update(simulation);
For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.
<?php
use Microsoft\Graph\GraphServiceClient;
use Microsoft\Graph\Generated\Models\Simulation;
use Microsoft\Graph\Generated\Models\SimulationAttackTechnique;
use Microsoft\Graph\Generated\Models\SimulationAttackType;
use Microsoft\Graph\Generated\Models\SimulationStatus;
use Microsoft\Graph\Generated\Models\AddressBookAccountTargetContent;
use Microsoft\Graph\Generated\Models\AccountTargetContentType;
$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);
$requestBody = new Simulation();
$requestBody->setId('2f5548d1-0dd8-4cc8-9de0-e0d6ec7ea3dc');
$requestBody->setDisplayName('Graph Simulation');
$requestBody->setDurationInDays(7);
$requestBody->setAttackTechnique(new SimulationAttackTechnique('credentialHarvesting'));
$requestBody->setAttackType(new SimulationAttackType('social'));
$requestBody->setStatus(new SimulationStatus('scheduled'));
$includedAccountTarget = new AddressBookAccountTargetContent();
$includedAccountTarget->setOdataType('#microsoft.graph.addressBookAccountTargetContent');
$includedAccountTarget->setType(new AccountTargetContentType('addressBook'));
$includedAccountTarget->setAccountTargetEmails(['[email protected]', ]);
$requestBody->setIncludedAccountTarget($includedAccountTarget);
$excludedAccountTarget = new AddressBookAccountTargetContent();
$excludedAccountTarget->setOdataType('#microsoft.graph.addressBookAccountTargetContent');
$excludedAccountTarget->setType(new AccountTargetContentType('addressBook'));
$excludedAccountTarget->setAccountTargetEmails(['[email protected]', ]);
$requestBody->setExcludedAccountTarget($excludedAccountTarget);
$additionalData = [
'@odata.etag' => '\"0100aa9b-0000-0100-0000-6396fa270000\"',
'[email protected]' => 'https://graph.microsoft.com/v1.0/security/attacksimulation/payloads/12345678-9abc-def0-123456789a',
];
$requestBody->setAdditionalData($additionalData);
$result = $graphServiceClient->security()->attackSimulation()->simulations()->bySimulationId('simulation-id')->patch($requestBody)->wait();
For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.
# Code snippets are only available for the latest version. Current version is 1.x
from msgraph import GraphServiceClient
from msgraph.generated.models.simulation import Simulation
from msgraph.generated.models.simulation_attack_technique import SimulationAttackTechnique
from msgraph.generated.models.simulation_attack_type import SimulationAttackType
from msgraph.generated.models.simulation_status import SimulationStatus
from msgraph.generated.models.address_book_account_target_content import AddressBookAccountTargetContent
from msgraph.generated.models.account_target_content_type import AccountTargetContentType
# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python
request_body = Simulation(
id = "2f5548d1-0dd8-4cc8-9de0-e0d6ec7ea3dc",
display_name = "Graph Simulation",
duration_in_days = 7,
attack_technique = SimulationAttackTechnique.CredentialHarvesting,
attack_type = SimulationAttackType.Social,
status = SimulationStatus.Scheduled,
included_account_target = AddressBookAccountTargetContent(
odata_type = "#microsoft.graph.addressBookAccountTargetContent",
type = AccountTargetContentType.AddressBook,
account_target_emails = [
"[email protected]",
],
),
excluded_account_target = AddressBookAccountTargetContent(
odata_type = "#microsoft.graph.addressBookAccountTargetContent",
type = AccountTargetContentType.AddressBook,
account_target_emails = [
"[email protected]",
],
),
additional_data = {
"@odata_etag" : "\"0100aa9b-0000-0100-0000-6396fa270000\"",
"payload@odata_bind" : "https://graph.microsoft.com/v1.0/security/attacksimulation/payloads/12345678-9abc-def0-123456789a",
}
)
result = await graph_client.security.attack_simulation.simulations.by_simulation_id('simulation-id').patch(request_body)
For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.
Response
The following example shows the response.
HTTP/1.1 202 Accepted
Example 3: Cancel an attack simulation campaign
The following example shows how to cancel an attack simulation campaign for a tenant. You can cancel a simulation when its state is either scheduled or running.
Request
The following example shows a request.
PATCH https://graph.microsoft.com/v1.0/security/attackSimulation/simulations/2f5548d1-0dd8-4cc8-9de0-e0d6ec7ea3dc
Content-type: application/json
{
"@odata.etag": "\"0100aa9b-0000-0100-0000-6396fa270000\"",
"id": "2f5548d1-0dd8-4cc8-9de0-e0d6ec7ea3dc",
"status": "cancelled"
}
// Code snippets are only available for the latest version. Current version is 5.x
// Dependencies
using Microsoft.Graph.Models;
var requestBody = new Simulation
{
Id = "2f5548d1-0dd8-4cc8-9de0-e0d6ec7ea3dc",
Status = SimulationStatus.Cancelled,
AdditionalData = new Dictionary<string, object>
{
{
"@odata.etag" , "\"0100aa9b-0000-0100-0000-6396fa270000\""
},
},
};
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.Security.AttackSimulation.Simulations["{simulation-id}"].PatchAsync(requestBody);
For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.
mgc security attack-simulation simulations patch --simulation-id {simulation-id} --body '{\
"@odata.etag": "\"0100aa9b-0000-0100-0000-6396fa270000\"",\
"id": "2f5548d1-0dd8-4cc8-9de0-e0d6ec7ea3dc",\
"status": "cancelled"\
}\
'
For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.
// Code snippets are only available for the latest major version. Current major version is $v1.*
// Dependencies
import (
"context"
msgraphsdk "github.com/microsoftgraph/msgraph-sdk-go"
graphmodels "github.com/microsoftgraph/msgraph-sdk-go/models"
//other-imports
)
requestBody := graphmodels.NewSimulation()
id := "2f5548d1-0dd8-4cc8-9de0-e0d6ec7ea3dc"
requestBody.SetId(&id)
status := graphmodels.CANCELLED_SIMULATIONSTATUS
requestBody.SetStatus(&status)
additionalData := map[string]interface{}{
"@odata.etag" : "\"0100aa9b-0000-0100-0000-6396fa270000\"",
}
requestBody.SetAdditionalData(additionalData)
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=go
simulations, err := graphClient.Security().AttackSimulation().Simulations().BySimulationId("simulation-id").Patch(context.Background(), requestBody, nil)
For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.
// Code snippets are only available for the latest version. Current version is 6.x
GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);
Simulation simulation = new Simulation();
simulation.setId("2f5548d1-0dd8-4cc8-9de0-e0d6ec7ea3dc");
simulation.setStatus(SimulationStatus.Cancelled);
HashMap<String, Object> additionalData = new HashMap<String, Object>();
additionalData.put("@odata.etag", "\"0100aa9b-0000-0100-0000-6396fa270000\"");
simulation.setAdditionalData(additionalData);
Simulation result = graphClient.security().attackSimulation().simulations().bySimulationId("{simulation-id}").patch(simulation);
For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.
const options = {
authProvider,
};
const client = Client.init(options);
const simulation = {
'@odata.etag': '\"0100aa9b-0000-0100-0000-6396fa270000\"',
id: '2f5548d1-0dd8-4cc8-9de0-e0d6ec7ea3dc',
status: 'cancelled'
};
await client.api('/security/attackSimulation/simulations/2f5548d1-0dd8-4cc8-9de0-e0d6ec7ea3dc')
.update(simulation);
For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.
<?php
use Microsoft\Graph\GraphServiceClient;
use Microsoft\Graph\Generated\Models\Simulation;
use Microsoft\Graph\Generated\Models\SimulationStatus;
$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);
$requestBody = new Simulation();
$requestBody->setId('2f5548d1-0dd8-4cc8-9de0-e0d6ec7ea3dc');
$requestBody->setStatus(new SimulationStatus('cancelled'));
$additionalData = [
'@odata.etag' => '\"0100aa9b-0000-0100-0000-6396fa270000\"',
];
$requestBody->setAdditionalData($additionalData);
$result = $graphServiceClient->security()->attackSimulation()->simulations()->bySimulationId('simulation-id')->patch($requestBody)->wait();
For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.
# Code snippets are only available for the latest version. Current version is 1.x
from msgraph import GraphServiceClient
from msgraph.generated.models.simulation import Simulation
from msgraph.generated.models.simulation_status import SimulationStatus
# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python
request_body = Simulation(
id = "2f5548d1-0dd8-4cc8-9de0-e0d6ec7ea3dc",
status = SimulationStatus.Cancelled,
additional_data = {
"@odata_etag" : "\"0100aa9b-0000-0100-0000-6396fa270000\"",
}
)
result = await graph_client.security.attack_simulation.simulations.by_simulation_id('simulation-id').patch(request_body)
For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.
Response
The following example shows the response.
HTTP/1.1 202 Accepted
Example 4: Exclude an attack simulation campaign
The following example shows how to exclude an attack simulation campaign for a tenant. You can only exclude a simulation from any reporting when its state is cancelled.
Request
The following example shows a request.
PATCH https://graph.microsoft.com/v1.0/security/attackSimulation/simulations/2f5548d1-0dd8-4cc8-9de0-e0d6ec7ea3dc
Content-type: application/json
{
"@odata.etag": "\"0100aa9b-0000-0100-0000-6396fa270000\"",
"id": "2f5548d1-0dd8-4cc8-9de0-e0d6ec7ea3dc",
"status": "excluded"
}
// Code snippets are only available for the latest version. Current version is 5.x
// Dependencies
using Microsoft.Graph.Models;
var requestBody = new Simulation
{
Id = "2f5548d1-0dd8-4cc8-9de0-e0d6ec7ea3dc",
Status = SimulationStatus.Excluded,
AdditionalData = new Dictionary<string, object>
{
{
"@odata.etag" , "\"0100aa9b-0000-0100-0000-6396fa270000\""
},
},
};
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.Security.AttackSimulation.Simulations["{simulation-id}"].PatchAsync(requestBody);
For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.
mgc security attack-simulation simulations patch --simulation-id {simulation-id} --body '{\
"@odata.etag": "\"0100aa9b-0000-0100-0000-6396fa270000\"",\
"id": "2f5548d1-0dd8-4cc8-9de0-e0d6ec7ea3dc",\
"status": "excluded"\
}\
'
For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.
// Code snippets are only available for the latest major version. Current major version is $v1.*
// Dependencies
import (
"context"
msgraphsdk "github.com/microsoftgraph/msgraph-sdk-go"
graphmodels "github.com/microsoftgraph/msgraph-sdk-go/models"
//other-imports
)
requestBody := graphmodels.NewSimulation()
id := "2f5548d1-0dd8-4cc8-9de0-e0d6ec7ea3dc"
requestBody.SetId(&id)
status := graphmodels.EXCLUDED_SIMULATIONSTATUS
requestBody.SetStatus(&status)
additionalData := map[string]interface{}{
"@odata.etag" : "\"0100aa9b-0000-0100-0000-6396fa270000\"",
}
requestBody.SetAdditionalData(additionalData)
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=go
simulations, err := graphClient.Security().AttackSimulation().Simulations().BySimulationId("simulation-id").Patch(context.Background(), requestBody, nil)
For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.
// Code snippets are only available for the latest version. Current version is 6.x
GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);
Simulation simulation = new Simulation();
simulation.setId("2f5548d1-0dd8-4cc8-9de0-e0d6ec7ea3dc");
simulation.setStatus(SimulationStatus.Excluded);
HashMap<String, Object> additionalData = new HashMap<String, Object>();
additionalData.put("@odata.etag", "\"0100aa9b-0000-0100-0000-6396fa270000\"");
simulation.setAdditionalData(additionalData);
Simulation result = graphClient.security().attackSimulation().simulations().bySimulationId("{simulation-id}").patch(simulation);
For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.
const options = {
authProvider,
};
const client = Client.init(options);
const simulation = {
'@odata.etag': '\"0100aa9b-0000-0100-0000-6396fa270000\"',
id: '2f5548d1-0dd8-4cc8-9de0-e0d6ec7ea3dc',
status: 'excluded'
};
await client.api('/security/attackSimulation/simulations/2f5548d1-0dd8-4cc8-9de0-e0d6ec7ea3dc')
.update(simulation);
For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.
<?php
use Microsoft\Graph\GraphServiceClient;
use Microsoft\Graph\Generated\Models\Simulation;
use Microsoft\Graph\Generated\Models\SimulationStatus;
$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);
$requestBody = new Simulation();
$requestBody->setId('2f5548d1-0dd8-4cc8-9de0-e0d6ec7ea3dc');
$requestBody->setStatus(new SimulationStatus('excluded'));
$additionalData = [
'@odata.etag' => '\"0100aa9b-0000-0100-0000-6396fa270000\"',
];
$requestBody->setAdditionalData($additionalData);
$result = $graphServiceClient->security()->attackSimulation()->simulations()->bySimulationId('simulation-id')->patch($requestBody)->wait();
For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.
# Code snippets are only available for the latest version. Current version is 1.x
from msgraph import GraphServiceClient
from msgraph.generated.models.simulation import Simulation
from msgraph.generated.models.simulation_status import SimulationStatus
# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python
request_body = Simulation(
id = "2f5548d1-0dd8-4cc8-9de0-e0d6ec7ea3dc",
status = SimulationStatus.Excluded,
additional_data = {
"@odata_etag" : "\"0100aa9b-0000-0100-0000-6396fa270000\"",
}
)
result = await graph_client.security.attack_simulation.simulations.by_simulation_id('simulation-id').patch(request_body)
For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.
Response
The following example shows the response.
HTTP/1.1 202 Accepted