Exam MS-500 topic 2 question 6 discussion

There are two different MS 365 Attack Simulators. The first one was retired. The new version is called "Defender for Office 365 Attack simulation training". Probably some questions are about the previous version and are not appropriate for the new version. For example, I didn't find the requirements for MFA for the new version.

I think It's D. "If your organization has Microsoft 365 E5 or Microsoft Defender for Office 365 Plan 2, which includes Threat Investigation and Response capabilities, you can use Attack simulation training in the Microsoft 365 Defender portal" See reference link: https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/attack-simulation-training-get-started?view=o365-worldwide

The correct answer is D. Integrate Microsoft 365 Threat Intelligence and Microsoft Defender for Endpoint. To run the Microsoft 365 Attack simulator, a prerequisite is to integrate Microsoft 365 Threat Intelligence and Microsoft Defender for Endpoint. Microsoft 365 Threat Intelligence provides insights into global attack trends and threat intelligence data, while Microsoft Defender for Endpoint offers endpoint protection and threat detection capabilities. By integrating these two services, you can enhance your security posture and leverage the full functionality of the Attack simulator. The Attack simulator allows you to simulate real-world attack scenarios to assess your organization's security defenses and identify potential vulnerabilities. It helps you evaluate the effectiveness of your security controls, educate users about potential threats, and improve your overall security readiness.

Enabling multi-factor authentication (MFA), configuring Microsoft Defender for Office 365, or creating a Conditional Access App Control policy for accessing Microsoft 365 are not prerequisites for running Attack simulator, although they may be important security measures to implement in your environment. Correct answer is D. Integrate Microsoft 365 Threat Intelligence and Microsoft Defender for Endpoint.

https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/attack-simulation-training-get-started?view=o365-worldwide#what-do-you-need-to-know-before-you-begin - MFA is not listed as a requirement as it was before - You'll use MDO for sure, but what do they mean by "Configuring"? - No policy or whatsoever is needed - Attack Simulation training falls under MDO and not MDE, so acquiring MDE licenses is not necessary at all So guessing "configure" just means utilizing it; the correct answer would be B for the newer version of Attack Simulation...

MFA is required.

pre-req should be to config this in Defender for Office 365. Can find any reference to MFA as a pre-req

B I think Defender for office 365 is the correct answer

Very strange question. It is correct that the admin account doing the simulation needs MFA enabled, but not the users who are targeted by the campaign. But anwer D can also be correct as you dont know which plan the company has. If they have E 5 licenses, then the correct answer is A, but if they have E3 for example, you need to include Threat Investigation and Response capabilities

https://connectioncloudsupport.zendesk.com/hc/en-us/articles/4403047001881-Introduction-to-Attack-Simulator-in-Microsoft-365. Read step 2!

https://github.com/MicrosoftDocs/OfficeDocs-o365seccomp/issues/439

I ALSO THINK ITS d

100% A.