PHISHING SIMULATION AUTOMATION: GOPHISH CAMPAIGNS WITH AZURE AD CONDITIONAL ACCESS AND USERRISK-BASED TRAINING
Abstract
Phishing remains one of the most persistent threats to organizational cybersecurity. This study presents an automated framework integrating Gophish-based phishing simulations with Microsoft Azure Active Directory (Azure AD) to enhance user awareness and response. The system leverages Azure AD's UserRisk scores to identify high-risk individuals and dynamically applies Conditional Access policies to restrict access following a phishing attempt. Upon detecting risky behavior, affected users are enrolled in SCORM-compliant cybersecurity training tailored to their actions. PyTorch-based Natural Language Processing (NLP) models analyze click-through behavior, enabling adaptive content delivery. This research demonstrates a closed-loop mechanism that quickly detects risky behavior, responds to it, and educates users, reducing organizational vulnerability to social engineering attacks.
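The decision step of the closed loop described above, sketched as an added example that is not code from the study: it joins simulation results (using Gophish's result `status` and `reported` fields) with user risk levels (using the `riskLevel` values of Microsoft Graph risky-user records) and outputs, per user, a training module and whether to place the user in scope of a restrictive Conditional Access policy. The scoring, the `medium` threshold, the module ids and all sample records are assumptions made for illustration.

```python
# Added illustration; policy values below are assumptions, not the study's.
BEHAVIOUR = {"Email Opened": 1, "Clicked Link": 2, "Submitted Data": 3}
RISK = {"low": 1, "medium": 2, "high": 3}  # "none"/"hidden"/absent score 0
MODULES = {2: "scorm-link-inspection",     # hypothetical SCORM package ids
           3: "scorm-credential-handling"}

# Constructed sample shaped like Gophish campaign results.
GOPHISH_RESULTS = [
    {"email": "alice@example.com", "status": "Email Sent", "reported": False},
    {"email": "bob@example.com", "status": "Clicked Link", "reported": False},
    {"email": "carol@example.com", "status": "Submitted Data", "reported": False},
    {"email": "dave@example.com", "status": "Email Opened", "reported": True},
    {"email": "erin@example.com", "status": "Clicked Link", "reported": True},
]
# Constructed sample shaped like Microsoft Graph risky-user records.
RISKY_USERS = [
    {"userPrincipalName": "bob@example.com", "riskLevel": "high"},
    {"userPrincipalName": "carol@example.com", "riskLevel": "low"},
    {"userPrincipalName": "Erin@example.com", "riskLevel": "medium"},
]

def plan_actions(results, risky_users, restrict_at="medium"):
    """Return {email: {behaviour, train, restrict, reported}} per recipient."""
    # UPNs and recipient addresses are matched case-insensitively.
    risk_by_upn = {u["userPrincipalName"].lower(): RISK.get(u.get("riskLevel"), 0)
                   for u in risky_users}
    plan = {}
    for r in results:
        email = r["email"].lower()
        behaviour = BEHAVIOUR.get(r.get("status"), 0)  # unknown status scores 0
        prev = plan.get(email)
        if prev and prev["behaviour"] >= behaviour:
            continue  # keep the most serious outcome per user
        failed = behaviour >= 2  # clicked the link or submitted data
        plan[email] = {
            "behaviour": behaviour,
            "train": MODULES.get(behaviour),  # None when no training is due
            "restrict": failed and risk_by_upn.get(email, 0) >= RISK[restrict_at],
            "reported": bool(r.get("reported")),
        }
    return plan

if __name__ == "__main__":
    for user, action in plan_actions(GOPHISH_RESULTS, RISKY_USERS).items():
        print(user, action)
```

Enforcing the `restrict` flag (for example through membership of a group that a Conditional Access policy targets) and the SCORM enrollment call are left out because the abstract does not specify them.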