Microsoft Defender for Office 365 Now Provides Detailed Email Analysis

Microsoft Defender for Office 365 is launching an AI-powered feature to enhance threat analysis transparency for enterprise administrators.

The new capability, identified as MC1098943 and roadmap item 488098, uses large language models (LLMs) to generate human-readable explanations for email submission verdicts.

This innovation addresses the complexity of interpreting security classifications like “Bulk,” “Spam,” or “Threats found” by providing contextual reasoning behind Microsoft’s analysis.

Rollout begins globally in late June 2025, completing by mid-July, with no administrative configuration required.

LLM-Driven Threat Rationalization

The AI engine analyzes email submissions to produce explanations featuring:

  • Classification reasoning (e.g., why an item was flagged as phishing)
  • Key indicators used in decision-making
  • Behavioral insights about sender patterns

Supported verdicts include Spam, Bulk, Threats found, No threats found, and Unknown. For unsupported scenarios—such as Teams messages, URLs, or file submissions—the system reverts to traditional explanations. This functionality exclusively processes admin-submitted emails, not user-reported content.

Technical Implementation and Access

To view AI-generated insights:

  1. Navigate to https://security.microsoft.com
  2. Access Actions & Submissions > Submissions
  3. Select the Emails tab and open a submission
  4. Check the Result Details section for explanations

The feature integrates with existing submission workflows that perform:

  • Email authentication checks (SPF/DKIM/DMARC)
  • Policy hit analysis (organizational/user overrides)
  • Payload detonation (URL/attachment examination)

Organizational Impact and Preparedness

While the feature activates automatically, Microsoft recommends:

  • Reviewing submission review workflows
  • Updating internal documentation with new explanation formats
  • Notifying security teams about enhanced diagnostic capabilities

This enhancement complements Defender for Office 365’s existing threat protection layers, including grader analysis and payload detonation, without modifying data processing boundaries for GCC High/DoD environments.

The AI-powered explainability represents a significant advancement in security transparency, enabling administrators to make faster, more informed decisions about email threats.

By translating technical verdicts like BCL (Bulk Complaint Level) thresholds and SCL (Spam Confidence Level) overrides into actionable insights, Microsoft reduces the operational burden of threat investigation while maintaining Defender’s robust detection capabilities.


AnuPriya
AnuPriya is a cybersecurity reporter at Cyber Press, specializing in cyber attacks, dark web monitoring, data breaches, vulnerabilities, and malware. She delivers in-depth analysis on emerging threats and digital security trends.
