Microsoft Defender for Office 365 is introducing AI-powered explanations for email submission results, enhancing clarity on why messages are classified as spam, phishing, or clean. This feature will roll out globally from late June to mid-July 2025 and is available by default. No admin action is required.
We’re introducing a new AI-powered capability in Microsoft Defender for Office 365 that enhances the explainability of email submission results. This feature uses large language models (LLMs) to generate clear, human-readable rationales for why a submitted message was classified as spam, phishing, or clean.
This message is associated with Microsoft 365 Roadmap ID 488098.
When this will happen:
General Availability (Worldwide): We will begin rolling out late June 2025 and expect to complete by mid-July 2025.
How this will affect your organization:
This feature applies only to email submissions in the Microsoft Defender portal and does not include files, Teams messages, URLs, or user-submitted content at this time. This feature is available by default.
To view the new explanations:
These AI-generated explanations may include:
If the AI explanation is unavailable, the system will revert to the standard explanation.
Table: Supported result types with LLM explanations:
Result Type | Description |
---|---|
Unknown | Microsoft could not reach a decision. May be due to inaccessible content or analyst disagreement. |
Bulk | Sender classified as bulk. Future similar items may be blocked based on BCL. |
Spam | Classified as spam. Future similar items may be blocked based on SCL. |
No threats found | Item found clean. Filters may be updated. |
Threats found | Item found malicious. Filters may be updated. |
[Screenshot: AI-generated explanation for email submission results in the Microsoft Defender portal]
What you need to do to prepare:
This rollout will happen automatically by the specified dates with no admin action required before the rollout. Review submission workflows to take advantage of the new explanations. You may want to notify your admins and/or users about this change and update internal documentation.
Learn more: Submission result definitions - Microsoft Defender for Office 365 | Microsoft Learn