What Changed
Microsoft Defender XDR solution adds new Attack Simulator Training playbook that identifies users who received phishing emails but failed to report them to SOC (deleted, marked as junk, etc.), then automatically triggers educational Attack Simulator “How-To Guide” simulations for those users.
Affected Files
Solutions/Microsoft Defender XDR/Playbooks/AttackSimulatorTrainingNonReporters/ (new playbook: azuredeploy.json, README, PowerShell permission script, documentation images)