Reviewing Microsoft attack simulation reports 

In this guide, we will cover how to view the 365 phishing attack reports as well how to check who has completed training if they have been caught out by a phishing simulation.

 

iStock-1146311388

 

How to Access the Reports

First you will need to navigate to the 365 Security Centre (Click here)

This will prompt you for a password similar to the screenshot below:

Login

Enter your 365 username and password as well as completing the MFA

Attack Simulation Landing Page

 

Once logged in you will see this page.

Landing

Now navigate to Simulations in the top left and you will see a page that shows all your current simulations you have running.

Simulation-Red-Box

Reviewing all Your Simulations

Here you can see a summary of the simulations in progress and completed 

 
AST-1

This page also shows you an overview of every simulation you have running / scheduled to run.

 
Schedule

Reviewing Individual Simulations

 This page shows you a general summary of the simulation.

Percentage

 

On the left it shows a graphic on the % of people that were compromised, how many people opened the fake attachment (if relevant), read, deleted, replied or forwarded the message. It will also show if it got delivered or if the person had an out-of-office on.

On the right of the screen shows the number of people that have completed the training that gets automatically assigned and how long it took for people to be phished if they were caught.

Percentage2

For more detailed information about the targets, click on the users tab along the middle of the page and it will show you who was in this simulation as well as more information on the training status and dates they were compromised on.

More-Detail

Simulation Coverage

To review the coverage of your organisation you can go back to the home page by clicking X.

image-png-Jun-10-2025-03-11-24-3473-PM

Then click Overview along the top of the page.

AST-Red-box

From here you can select View Simulation coverage report from the drop-down option as shown in the screenshots below:

Coverage-Red-box

On this screen you can see all the people that have been targeted, how many times they have been compromised and the date of the last simulation.

 
Who-been-targetted

Training

From the User coverage page you can select Training Efficacy which will take you to the following page. Here you can see the predicted and actual compromised rate of simulations that have run so far in your organisation.

 
 
Trainin-Efficacy

You can view training completion by clicking the tab along the top of the page.

Training-completion-red-box

On this screen, you can see which training courses have been carried out by whom as well as whether they passed or failed the last simulation.

 
User-training-status

Repeat Offenders

You can view the Repeat Offenders screen by navigating via the tabs at the top.

 

 
repeat-offenders-red-box

Here it allows you to view people that have fallen for simulations multiple times and if so, which simulations.

repeat-offenders-graph

In conclusion

Now you should be able to navigate and use the information on these security pages to see how well your company is performing in your phishing simulations.