What and Why
We are introducing prompt injection protection for email in Microsoft Defender for Office 365. This capability detects and blocks malicious prompt injection content embedded in email messages that attempt to manipulate AI assistants and agents. It helps protect enterprise data by identifying attacks designed to exfiltrate information, discover tools, or expose system prompts. High confidence threats are automatically quarantined before they can be processed by AI powered workflows. This enhancement strengthens enterprise ready AI security and aligns with evolving threat patterns.
Rollout Schedule
- Public Preview: Beginning early July 2026 and expected to complete by early September 2026
- General Availability (Worldwide): Beginning early September 2026 and expected to complete by early September 2026
Impact on Your Organization
Who is affected
- Organizations with Microsoft Defender for Office 365 Plan 2 or Microsoft 365 E5
Platforms and services
- Exchange Online, Microsoft Defender for Office 365, Microsoft Defender XDR services
What will happen
- Emails identified as prompt injection will be classified as High Confidence Phish.
- A new Detection Technology value called Prompt Injection Protection will be applied.
- High confidence threats will be automatically quarantined.
- The feature is enabled by default for eligible tenants.
- Existing policies and workflows remain unchanged.
- These detections will appear within existing threat investigation and reporting experiences in Microsoft Defender.
Action Required / Recommendations
No action is required.
Recommended actions:
- Review your submission and quarantine workflows.
- Use the Microsoft Defender submission process if false positives occur.
- Use Tenant Allow Block List if needed to manage exceptions.
- Inform your security and helpdesk teams about the new detection category.
Learn more: Prompt injection protection in Microsoft Defender for Office 365 | Microsoft Defender for Office 365 | Microsoft Defender | Microsoft Learn
Compliance considerations
No compliance considerations identified, review as appropriate for your organization.