Microsoft is set to enhance email security transparency by introducing AI-driven explanations for email classification results in Microsoft Defender for Office 365. This innovative feature leverages large language models (LLMs) to provide users with clear, human-readable justifications for why emails are categorized as spam, phishing, or clean.
Advancement in Email Security Transparency
Traditionally, users have received email classification results without understanding the underlying reasons. This lack of clarity can lead to confusion and reduced trust in email security systems. To address this, Microsoft is implementing sophisticated LLMs to generate comprehensive explanations for each email classification decision.
Key Features of the AI-Generated Explanations
The new AI-powered explanations will include several components designed to enhance user comprehension:
– Specific Reasoning: Detailed insights into why an email was classified in a particular way.
– Key Indicators: Identification of specific elements within the email that influenced the classification decision.
– Behavioral Insights: Optional context about sender patterns or message characteristics that contributed to the classification.
In instances where the AI explanation system is unavailable, the platform will revert to standard explanations to ensure a consistent user experience.
Supported Classification Result Types
The AI-generated explanations will cover five distinct result types:
1. Unknown: Occurs when Microsoft cannot reach a definitive decision due to inaccessible content or analyst disagreement.
2. Bulk: Identifies senders as bulk mailers with potential future blocking based on the Bulk Complaint Level (BCL).
3. Spam: Triggers blocking of similar items based on the Spam Confidence Level (SCL).
4. No Threats Found: Indicates clean content with potential filter updates.
5. Threats Found: Identifies malicious content requiring immediate filter modifications.
Rollout Timeline and Availability
The rollout of this feature is scheduled from late June 2025 through mid-July 2025, with global availability planned across all Microsoft Defender for Office 365 deployments. This feature will be enabled by default, requiring no administrative intervention or configuration changes, thereby streamlining the implementation process for organizations worldwide.
Accessing AI-Generated Explanations
To access the AI-generated explanations, users should navigate to the Microsoft Defender portal at [https://security.microsoft.com](https://security.microsoft.com). From there, go to Actions & Submissions > Submissions or directly visit [https://security.microsoft.com/reportsubmission](https://security.microsoft.com/reportsubmission). Users must select the Emails tab and open specific submissions to view AI-generated explanations in the Result Details section.
Scope of the Feature
Currently, this feature specifically targets email submissions within the Microsoft Defender portal. It does not extend to files, Teams messages, URLs, or other user-submitted content types. This focused approach ensures that the AI explanations are tailored and relevant to email security, providing users with precise and actionable information.
Implications for Organizations
The introduction of AI-powered explanations in Microsoft Defender for Office 365 represents a significant advancement in email security transparency. By providing clear and detailed justifications for email classifications, organizations can:
– Enhance User Trust: Users gain a better understanding of why certain emails are flagged, fostering trust in the email security system.
– Improve Security Awareness: Detailed explanations can serve as educational tools, helping users recognize potential threats and understand the characteristics of malicious emails.
– Streamline Security Operations: Security teams can leverage the detailed insights to fine-tune email filtering rules and respond more effectively to emerging threats.
Conclusion
Microsoft’s integration of AI-driven explanations into Defender for Office 365 marks a pivotal step toward demystifying email security processes. By harnessing the power of large language models, this feature not only enhances transparency but also empowers users and organizations to engage more proactively in their cybersecurity efforts. As cyber threats continue to evolve, such innovations are crucial in maintaining robust and user-friendly security infrastructures.
