Login pages in Attack simulation training - Microsoft Defender for Office 365 (original) (raw)

In Attack simulation training in Microsoft 365 E5 or Microsoft Defender for Office 365 Plan 2, login pages are shown to users in simulations that use Credential Harvest and Link in Attachment social engineering techniques.

For getting started information about Attack simulation training, see Get started using Attack simulation training.

To see the available login pages, open the Microsoft Defender portal at https://security.microsoft.com, go to Email & collaboration > Attack simulation training > Content library tab > and then select Login pages. To go directly to the Content library tab where you can select Login pages, use https://security.microsoft.com/attacksimulator?viewid=contentlibrary.

Login pages in the Content library tab has two tabs:

The following information is shown for each login page. You can sort the login pages by clicking on an available column header. Select Customize columns to change the columns that are shown. By default, all available columns are selected.

To find a login page in the list, type part of the login page name in the Search box and then press the ENTER key.

Select Filter to filter the login pages by Language or Status.

When you select a login page from the list by clicking anywhere in the row other than the check box next to the name, a details flyout appears with the following information:

Tip

To see details about other login pages without leaving the details flyout, use Previous item and Next item at the top of the flyout.

Create login pages

  1. In the Microsoft Defender portal at https://security.microsoft.com, go to Email & collaboration > Attack simulation training > Content library tab > and then select Login pages. To go directly to the Content library tab where you can select Login pages, use https://security.microsoft.com/attacksimulator?viewid=contentlibrary.
  2. On the Tenant login pages tab, select Create new to start the new login page wizard.
  3. On the Define details for login page page, configure the following settings:
    • Name: Enter a unique name.
    • Description: Enter an optional description.
      When you're finished on the Define details for login page page, select Next.
  4. On the Configure login page page, configure the following settings:
    • Select a language: The available values are: Chinese (Simplified), Chinese (Traditional), English, French, German, Italian, Japanese, Korean, Portuguese, Russian, Spanish, Dutch, and Other.
    • Make this the default login page: If you select this option, the login page is the default selection in Credential Harvest or Link in Attachment payloads or payload automations.
    • Create a two-page login: If you don't select this option, the login page is one page. If you select this option, Page 1 and Page 2 tabs appear for you to configure separately.
    • Login page content area: Two tabs are available:
      * Text tab: A rich text editor is available to create the login page. To see the typical font and formatting settings, toggle Formatting controls to On.
      The following controls are also available on the Text tab:
      * Dynamic tag: Select from the following tags:
      | Tag name | Tag value |
      | ----------------------- | -------------------------- |
      | Insert User name | ${userName} |
      | Insert First name | ${firstName} |
      | Insert Last name | ${lastName} |
      | Insert UPN | ${upn} |
      | Insert Email | ${emailAddress} |
      | Insert Department | ${department} |
      | Insert Manager | ${manager} |
      | Insert Mobile phone | ${mobilePhone} |
      | Insert City | ${city} |
      | Insert Date | ${date|MM/dd/yyyy|offset} |
      * Use from default: Select an available template to start with. You can modify the text and layout in the editing area. To reset the login page back to the default text and layout of the template, select Reset to default.
      * Add compromise button: Available on one-page logins or on Page 2 of two-page logins. Select this link to add the compromise button to the login page. The default text on the button is Submit, but you can change it.
      * Add Next button: Available only on Page 1 of two-page logins. Select this link to add the 'Next' button to the login page. The default text on the button is Next, but you can change it.
      Tip
      To add images, copy (CTRL+C) and paste (CTRL+V) the image into the editor on the Text tab. The editor automatically converts the image to Base64 as part of the HTML code.
      * Code tab: You can view and modify the HTML code directly.
      Tip
      To avoid sending passwords in plain text from custom login pages, avoid using the variable name in HTML code. Instead, use type, id, or class. For example:
      <input id="input-field-loginPage" type="password" placeholder="Password">

You can preview the results by clicking the Preview email button at the top of the page.
When you're finished on the Review login page page, select Next. 5. On the Review login page page, you can review the details of your login page.
You can select Edit in each section to modify the settings within the section. Or you can select Back or the specific page in the wizard.
When you're finished on the Review login page page, select Submit. 6. On the New login page created page, you can use the links to create a new login page, launch a simulation, or view all login pages.
When you're finished on the New login page created page, select Done. 7. Back on the Tenant login pages tab in Login pages, the login page that you created is now listed.

Modify login pages

You can't modify built-in login pages on the Global login pages tab. You can only modify custom login pages on the Tenant login pages tab.

To modify an existing custom login page on the Tenant login pages tab, do one of the following steps:

The login page wizard opens with the settings and values of the selected login page. The steps are the same as described in the Create login pages section.

Copy login pages

To copy an existing login page on the Tenant login pages or Global login pages tabs, do one of the following steps:

The login page wizard opens with the settings and values of the selected login page. The steps are the same as described in the Create login pages section.

Note

When you copy a built-in login page on the Global login pages tab, be sure to change the Name value. This step ensures the copy is saved as a custom login page on the Tenant login pages tab.

The Use from default control on the Configure login page page in the login page wizard allows you to copy the contents of a built-in login page.

When you're creating or editing a login page, the Use from default control on the Text tab of the Configure login page step in the login page wizard also allows you to copy the contents of a built-in notification.

Remove login pages

You can't remove built-in login pages from the Global login pages tab. You can only remove custom login pages from the Tenant login pages tab.

To remove an existing custom login page from the Tenant login pages tab, do one of the following steps:

Make a login page the default

The default login page is the default selection that's used in Credential Harvest or Link in Attachment payloads or payload automations.

To make a login page the default on the Tenant login pages or Global login pages tabs, do one of the following steps:

Note

The previous procedures aren't available if the login page is already the default.

The default login page is also marked in the list, although you might need to widen the Name column to see it:

The default login page marked in the list of login pages in Attack simulation training.

Get started using Attack simulation training

Create a phishing attack simulation

Simulation automations for Attack simulation training