Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions only if your app requires it. For details about delegated and application permissions, see Permission types. To learn more about these permissions, see the permissions reference.
In the request body, supply only the values for properties that should be updated. Existing properties that aren't included in the request body maintains their previous values or be recalculated based on changes to other property values.
The following table specifies the properties that can be updated.
The social engineering technique used in the attack simulation and training campaign. Supports $filter and $orderby. Possible values are: unknown, credentialHarvesting, attachmentMalware, driveByUrl, linkInAttachment, linkToMalwareFile, unknownFutureValue, oAuthConsentGrant. Note that you must use the Prefer: include-unknown-enum-members request header to get the following values from this evolvable enum: oAuthConsentGrant. For more information about the types of social engineering attack techniques, see simulations.
Attack type of the attack simulation and training campaign. Supports $filter and $orderby. Possible values are: unknown, social, cloud, endpoint, unknownFutureValue.
displayName
String
Display name of the attack simulation and training campaign. Supports $filter and $orderby.
Status of the attack simulation and training campaign. Supports $filter and $orderby. Possible values are: unknown, draft, running, scheduled, succeeded, failed, cancelled, excluded, unknownFutureValue.
Response
If successful, this method returns a 202 Accepted response code and a tracking header named location in the response.
Examples
Example 1: Update an attack simulation campaign
The following example shows how to update an attack simulation campaign for a tenant.
// Code snippets are only available for the latest version. Current version is 5.x
// Dependencies
using Microsoft.Graph.Models;
var requestBody = new Simulation
{
DisplayName = "Graph Simulation",
DurationInDays = 7,
AttackTechnique = SimulationAttackTechnique.CredentialHarvesting,
AttackType = SimulationAttackType.Social,
Status = SimulationStatus.Scheduled,
IncludedAccountTarget = new AddressBookAccountTargetContent
{
OdataType = "#microsoft.graph.addressBookAccountTargetContent",
Type = AccountTargetContentType.AddressBook,
AccountTargetEmails = new List<string>
{
"faiza@contoso.com",
},
},
ExcludedAccountTarget = new AddressBookAccountTargetContent
{
OdataType = "#microsoft.graph.addressBookAccountTargetContent",
Type = AccountTargetContentType.AddressBook,
AccountTargetEmails = new List<string>
{
"sam@contoso.com",
},
},
AdditionalData = new Dictionary<string, object>
{
{
"@odata.etag" , "\"0100aa9b-0000-0100-0000-6396fa270000\""
},
{
"payload@odata.bind" , "https://graph.microsoft.com/v1.0/security/attacksimulation/payloads/12345678-9abc-def0-123456789a"
},
},
};
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.Security.AttackSimulation.Simulations["{simulation-id}"].PatchAsync(requestBody);
// Code snippets are only available for the latest version. Current version is 6.x
GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);
Simulation simulation = new Simulation();
simulation.setDisplayName("Graph Simulation");
simulation.setDurationInDays(7);
simulation.setAttackTechnique(SimulationAttackTechnique.CredentialHarvesting);
simulation.setAttackType(SimulationAttackType.Social);
simulation.setStatus(SimulationStatus.Scheduled);
AddressBookAccountTargetContent includedAccountTarget = new AddressBookAccountTargetContent();
includedAccountTarget.setOdataType("#microsoft.graph.addressBookAccountTargetContent");
includedAccountTarget.setType(AccountTargetContentType.AddressBook);
LinkedList<String> accountTargetEmails = new LinkedList<String>();
accountTargetEmails.add("faiza@contoso.com");
includedAccountTarget.setAccountTargetEmails(accountTargetEmails);
simulation.setIncludedAccountTarget(includedAccountTarget);
AddressBookAccountTargetContent excludedAccountTarget = new AddressBookAccountTargetContent();
excludedAccountTarget.setOdataType("#microsoft.graph.addressBookAccountTargetContent");
excludedAccountTarget.setType(AccountTargetContentType.AddressBook);
LinkedList<String> accountTargetEmails1 = new LinkedList<String>();
accountTargetEmails1.add("sam@contoso.com");
excludedAccountTarget.setAccountTargetEmails(accountTargetEmails1);
simulation.setExcludedAccountTarget(excludedAccountTarget);
HashMap<String, Object> additionalData = new HashMap<String, Object>();
additionalData.put("@odata.etag", "\"0100aa9b-0000-0100-0000-6396fa270000\"");
additionalData.put("payload@odata.bind", "https://graph.microsoft.com/v1.0/security/attacksimulation/payloads/12345678-9abc-def0-123456789a");
simulation.setAdditionalData(additionalData);
Simulation result = graphClient.security().attackSimulation().simulations().bySimulationId("{simulation-id}").patch(simulation);
Example 2: Update an attack simulation campaign from draft to scheduled
The following example shows how to schedule an attack simulation campaign. The simulation request is validated when scheduling a simulation. All the required parameters need to be propagated in such request.
// Code snippets are only available for the latest version. Current version is 5.x
// Dependencies
using Microsoft.Graph.Models;
var requestBody = new Simulation
{
Id = "2f5548d1-0dd8-4cc8-9de0-e0d6ec7ea3dc",
DisplayName = "Graph Simulation",
DurationInDays = 7,
AttackTechnique = SimulationAttackTechnique.CredentialHarvesting,
AttackType = SimulationAttackType.Social,
Status = SimulationStatus.Scheduled,
IncludedAccountTarget = new AddressBookAccountTargetContent
{
OdataType = "#microsoft.graph.addressBookAccountTargetContent",
Type = AccountTargetContentType.AddressBook,
AccountTargetEmails = new List<string>
{
"faiza@contoso.com",
},
},
ExcludedAccountTarget = new AddressBookAccountTargetContent
{
OdataType = "#microsoft.graph.addressBookAccountTargetContent",
Type = AccountTargetContentType.AddressBook,
AccountTargetEmails = new List<string>
{
"sam@contoso.com",
},
},
AdditionalData = new Dictionary<string, object>
{
{
"@odata.etag" , "\"0100aa9b-0000-0100-0000-6396fa270000\""
},
{
"payload@odata.bind" , "https://graph.microsoft.com/v1.0/security/attacksimulation/payloads/12345678-9abc-def0-123456789a"
},
},
};
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.Security.AttackSimulation.Simulations["{simulation-id}"].PatchAsync(requestBody);
// Code snippets are only available for the latest version. Current version is 6.x
GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);
Simulation simulation = new Simulation();
simulation.setId("2f5548d1-0dd8-4cc8-9de0-e0d6ec7ea3dc");
simulation.setDisplayName("Graph Simulation");
simulation.setDurationInDays(7);
simulation.setAttackTechnique(SimulationAttackTechnique.CredentialHarvesting);
simulation.setAttackType(SimulationAttackType.Social);
simulation.setStatus(SimulationStatus.Scheduled);
AddressBookAccountTargetContent includedAccountTarget = new AddressBookAccountTargetContent();
includedAccountTarget.setOdataType("#microsoft.graph.addressBookAccountTargetContent");
includedAccountTarget.setType(AccountTargetContentType.AddressBook);
LinkedList<String> accountTargetEmails = new LinkedList<String>();
accountTargetEmails.add("faiza@contoso.com");
includedAccountTarget.setAccountTargetEmails(accountTargetEmails);
simulation.setIncludedAccountTarget(includedAccountTarget);
AddressBookAccountTargetContent excludedAccountTarget = new AddressBookAccountTargetContent();
excludedAccountTarget.setOdataType("#microsoft.graph.addressBookAccountTargetContent");
excludedAccountTarget.setType(AccountTargetContentType.AddressBook);
LinkedList<String> accountTargetEmails1 = new LinkedList<String>();
accountTargetEmails1.add("sam@contoso.com");
excludedAccountTarget.setAccountTargetEmails(accountTargetEmails1);
simulation.setExcludedAccountTarget(excludedAccountTarget);
HashMap<String, Object> additionalData = new HashMap<String, Object>();
additionalData.put("@odata.etag", "\"0100aa9b-0000-0100-0000-6396fa270000\"");
additionalData.put("payload@odata.bind", "https://graph.microsoft.com/v1.0/security/attacksimulation/payloads/12345678-9abc-def0-123456789a");
simulation.setAdditionalData(additionalData);
Simulation result = graphClient.security().attackSimulation().simulations().bySimulationId("{simulation-id}").patch(simulation);
The following example shows how to cancel an attack simulation campaign for a tenant. You can cancel a simulation when its state is either scheduled or running.
// Code snippets are only available for the latest version. Current version is 5.x
// Dependencies
using Microsoft.Graph.Models;
var requestBody = new Simulation
{
Id = "2f5548d1-0dd8-4cc8-9de0-e0d6ec7ea3dc",
Status = SimulationStatus.Cancelled,
AdditionalData = new Dictionary<string, object>
{
{
"@odata.etag" , "\"0100aa9b-0000-0100-0000-6396fa270000\""
},
},
};
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.Security.AttackSimulation.Simulations["{simulation-id}"].PatchAsync(requestBody);
// Code snippets are only available for the latest version. Current version is 6.x
GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);
Simulation simulation = new Simulation();
simulation.setId("2f5548d1-0dd8-4cc8-9de0-e0d6ec7ea3dc");
simulation.setStatus(SimulationStatus.Cancelled);
HashMap<String, Object> additionalData = new HashMap<String, Object>();
additionalData.put("@odata.etag", "\"0100aa9b-0000-0100-0000-6396fa270000\"");
simulation.setAdditionalData(additionalData);
Simulation result = graphClient.security().attackSimulation().simulations().bySimulationId("{simulation-id}").patch(simulation);
The following example shows how to exclude an attack simulation campaign for a tenant. You can only exclude a simulation from any reporting when its state is cancelled.
// Code snippets are only available for the latest version. Current version is 5.x
// Dependencies
using Microsoft.Graph.Models;
var requestBody = new Simulation
{
Id = "2f5548d1-0dd8-4cc8-9de0-e0d6ec7ea3dc",
Status = SimulationStatus.Excluded,
AdditionalData = new Dictionary<string, object>
{
{
"@odata.etag" , "\"0100aa9b-0000-0100-0000-6396fa270000\""
},
},
};
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.Security.AttackSimulation.Simulations["{simulation-id}"].PatchAsync(requestBody);
// Code snippets are only available for the latest version. Current version is 6.x
GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);
Simulation simulation = new Simulation();
simulation.setId("2f5548d1-0dd8-4cc8-9de0-e0d6ec7ea3dc");
simulation.setStatus(SimulationStatus.Excluded);
HashMap<String, Object> additionalData = new HashMap<String, Object>();
additionalData.put("@odata.etag", "\"0100aa9b-0000-0100-0000-6396fa270000\"");
simulation.setAdditionalData(additionalData);
Simulation result = graphClient.security().attackSimulation().simulations().bySimulationId("{simulation-id}").patch(simulation);
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.