MC1046168 - Microsoft Defender for Office: "Threat classification" in Mail flow status summary and Threat protection status reports

Service

Microsoft Defender XDR

Published

Apr 2, 2025

Tag

Feature update
Admin impact

Summary

Microsoft Defender for Office is introducing "Threat classification" into the Mail flow status summary and Threat protection status reports to better understand email attack intent. The rollout began in mid-March 2025 and will complete by late May 2025. No admin action is required, but reviewing current configurations and notifying users is recommended.

More information

Following MC973503 (Updated) Microsoft Defender for Office: Introducing "Threat classification" for email (published January 2025, updated March 2025), we will introduce Threat classification into the Mail flow status summary report and the Threat protection status report to enhance understanding of the intent behind an email attack.

When this will happen

General Availability (Worldwide): We began rolling out mid-March 2025 and expect to complete by late May 2025.

How this will affect your organization

Mail flow status report:

admin controls

Threat classification breakdown in the Mail flow status report:

admin controls

Threat classification breakdown in the Threat protection status report:

admin controls

As a result of this change, we will introduce Threat classification as a new column in the output of the Get-MailTrafficATPReport Microsoft PowerShell cmdlet:

admin controls

These changes will be available by default.

What you need to do to prepare

This rollout will happen automatically by the specified dates with no admin action required before the rollout. Review your current configuration to determine the impact for your organization. You may want to notify your users about this change and update any relevant documentation.

Learn more