Microsoft Enhances Defender for Office 365 with Detailed Spam and Phishing Analysis

Microsoft has announced a significant upgrade to its Defender for Office 365 platform, introducing a new AI-powered capability designed to provide unprecedented clarity into why emails are classified as spam, phishing, or clean.

This enhancement, powered by large language models (LLMs), aims to bolster email security for organizations worldwide by offering clear, human-readable explanations for email submission results—a leap forward in transparency and threat understanding.

AI-Powered Explainability Arrives

Rolling out globally from late June to mid-July 2025, this feature will be available by default and requires no administrative action for activation.

Administrators and security teams can access these AI-generated explanations directly within the Microsoft Defender portal.

By navigating to the “Actions & Submissions” section and selecting the “Emails” tab, users will find a new “Result Details” section that, when available, displays the AI-generated rationale behind each classification.

These explanations may include:

• The reasoning behind the email’s classification (spam, phishing, clean, or bulk)
• Key indicators and signals used in the decision process
• Optional behavioral insights to provide additional context

If for any reason the AI explanation is unavailable, the system will revert to the standard, less-detailed explanation previously provided.

How It Works

The new capability leverages advanced LLMs and natural language processing to analyze suspicious emails, mirroring the analytical approach of a seasoned human security analyst, but at scale and speed unattainable by manual review.

These models have been trained on thousands of real-world phishing and spam attempts, allowing them to recognize subtle manipulations, evolving attack patterns, and even the intent behind sophisticated social engineering tactics.

Supported result types for LLM explanations include:

• Unknown: No verdict due to inaccessible content or analyst disagreement
• Bulk: Identified as mass marketing or non-targeted messages
• Spam: Classified as unsolicited or malicious spam
• No threats found: Determined to be clean
• Threats found: Identified as containing malicious content

Benefits for Organizations

This update is expected to provide several key benefits:

• Enhanced transparency, enabling security teams to understand exactly why an email was flagged or allowed
• Faster and more accurate incident response, as analysts can quickly grasp the rationale behind each classification
• Improved user trust, as organizations can communicate with greater confidence about the nature of email threats and the protections in place6

Microsoft’s continued investment in AI-driven security reflects the growing sophistication of email-based threats, including phishing, ransomware, and business email compromise.

By making the reasoning behind threat detection more accessible, Microsoft empowers organizations to stay ahead of attackers and maintain a robust security posture.

No immediate action is required from administrators, but Microsoft recommends reviewing internal workflows and documentation to ensure teams are ready to leverage the new explanations as they become available.

Find this News Interesting! Follow us on Google News, LinkedIn, and X to Get Instant Updates