Configure Microsoft Defender for Office 365 integration

Release version: Australia

Updated March 12, 2026

1 minute to read

Gain valuable insights into phishing simulation metrics directly within the Cybersecurity Executive Dashboard through seamless integration with Microsoft Defender for Office 365.

Before you begin

Role required: sn_sec_phish_msatk.ms_admin

About this task

To learn more about simulating a phishing attack and setting up a tenant, see:

Procedure

Navigate to All > Microsoft Attack Integration > Microsoft Attack Configurations.
Select New.

On the form, fill in the details:

Table 1. Microsoft Attack Configuration form
Field	Description
Integration Instance	Name of the integration instance. Select the integration instance using the Lookup icon.
Tenant ID	Tenant ID of the application created on the Microsoft Azure portal.
Client ID	Client ID of the application created on the Microsoft Azure portal.
Client Secret	Client secret of the application created on the Microsoft Azure portal.
Bookmark	Date from which the simulations must be fetched.
Token Url	Base URL from where the token is created to access the Microsoft Simulations API.
All Simulation Url	Base URL of the Microsoft Simulations API.

Select New if no integration instance is available.

On the form, fill in the details:

Table 2. Integration Instance form
Field	Description
Name	Name of the integration instance.
Application	Name of the application (Microsoft Defender for Office 365).
Integration	Third-party integration reference (Microsoft Attack Integration).
Active	Default is activated (selected). If cleared, the instance isn't active.
Description	Short description of the integration instance.

Select Submit.
Navigate to All > Security Simulation and Training > Integrations.
Select Microsoft Attack integration.
Select Execute Now to execute and collect data from Microsoft.