BRUTE FORCE ATTACK 

A Brute force attack against a password system attempts to exhaustively enumerate and try all password combinations. The increasing computational power of computers makes it computationally practical to guess longer and longer password. To overcome this, password length and complexity requirements can be introduced, to make guessing impractical again. 

How To Simulate A Brute Force Attack In Office 365? 

1. In the Security & Compliance Center, choose Threat management > Attack simulator. 

2. From the options, choose the attack Brute Force Password and press the Launch Attack button to begin the wizard. 

3. Name the new campaign and then press Next. 

4. Select the Target users, by choosing specific user accounts or groups. 

5. Once you have selected the users or groups, press Next then set the password properties as needed. 

6. Either a single password can be entered, which can be useful for checking single passwords. A file can also be uploaded, that contains multiple passwords, allowing for iteration of the password list against the selected accounts. If a single password is used, type the password in the name box, or if a file is needed to be uploaded, upload it using the link shown in the figure. 

7. Once the attack is complete, the status is updated, and a View Report link is then available. 

8. Clicking this link then displays the number of accounts with passwords that matched any of the values within the password file used within the attack. 

9. You can also see a short report by clicking the Attack Details link, within the specific attack displayed on the Attack Simulator page.