
Microsoft Defender for Office 365 Blog

Submissions Response Using AI for Enhanced Result Explainability

soumyamishra
Microsoft
Jul 01, 2025

We are pleased to announce that Microsoft Defender for Office 365 now features large language model (LLM)-powered responses within the submission workflow. This update gives security and Exchange admins clear, actionable insight into why each submission was classified as spam, phishing, bulk, or clean, enabling more informed decision-making and response.

What's new?

Historically, submission results such as Threats found or No threats found have provided limited insight into the reasoning behind classification decisions. The implementation of AI-LLM-based responses addresses this limitation by delivering intuitive and context-rich explanations that clarify why a message was categorized as spam, phishing, bulk, or clean. This enhancement reduces ambiguity and facilitates faster, more accurate responses by administrators. LLM-based responses are now available for administrative email submissions made from any location within the Defender portal.

Where can you see LLM-based responses?

Submissions page at https://security.microsoft.com/reportsubmission: On the Emails tab, select an entry to view the LLM-based explanation in the details flyout.

Examples

Example where the submission response came back as clean:

No threats found. The email is a simple and benign message with no malicious content or suspicious links. The sender and recipient both belong to the same domain (contoso.com), indicating internal communication. Interacting with this email poses no risk as it contains no harmful elements. 

 

Example where the submission response came back as malicious:

Threats found. The sender's email address (bad-vaibhav@contosoo.com) is suspicious and not associated with any legitimate organization. The email subject uses excessive promotional language and emojis, which is typical of spam emails. Interacting with the message could lead to unwanted advertisements or potential scams. Clicking on the provided link leads to a Contoso login page, which is a standard procedure for accessing internal resources. 

 

Key Result Types with LLM Support

For result types such as Threats found, No threats found, Bulk, Spam and a few Unknowns, you will see the LLM-based explanation. If for any reason the AI-generated explanation is unavailable, the system falls back to the existing explanation, ensuring continuity in the experience.

Learn more:

Check out our documentation for more details on submission workflows and AI-LLM-based integration.
Have feedback or questions about LLM-based responses? Join the conversation in the Microsoft Defender for Office 365 community forum.

Updated Jun 30, 2025
Version 1.0