Microsoft Defender for Office 365 Adds AI-Powered Threat Classification to Boost Email Security

Microsoft Defender for Office 365 is getting a new AI-powered Threat classification feature to enhance email security.

Published: Jan 16, 2025

Key Takeaways:

  • Microsoft Defender for Office 365 will add a Threat classification feature to identify the intent behind email threats.
  • The feature includes tools for better trend analysis and custom detection rule creation.
  • Key areas like the Email Summary panel and Email Entity page now include Threat classification fields.

Microsoft is introducing a new Threat classification feature in Defender for Office 365 to improve email security. This tool leverages AI and machine learning to help security teams identify and understand the intent behind email threats.

The latest update allows administrators to incorporate Threat classification information into key features of the Defender portal, improving detection, analysis, and response within their organizations. The feature uses advanced techniques like large language models (LLMs) and machine learning (ML) to better understand the intent behind threats.

How does the Threat classification feature work?

The new Threat classification feature offers several improvements for security analysts, such as granular threat identification, enhanced incident analysis, faster response, and inclusion in advanced hunting. It categorizes phishing threats into types like Invoice Scams, Corporate Data Theft, Payroll Fraud, Lure-Based Attacks, and Gift Card Fraud.

On the Threat Explorer page, administrators can filter emails by Threat classification, view classifications in the results, analyze trends using charts, and export data with classification details. On the Advanced Hunting page, the ThreatClassification column in the EmailEvents table enables the creation of custom detection rules based on classification information.

Threat Explorer (Image Credit: Microsoft)
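
As an added example (not from Microsoft or the original article), the following advanced hunting query shows the kind of KQL a custom detection rule could be built on, using the ThreatClassification column of the EmailEvents table described above. It assumes ThreatClassification is a string that is empty for unclassified mail; the one-day lookback and the choice of output columns are illustrative.

```kql
// Added example: classified threats that still reached a mailbox.
// Assumption: ThreatClassification is empty when no classification was assigned.
let lookback = 1d;                               // illustrative window
EmailEvents
| where Timestamp > ago(lookback)
| where isnotempty(ThreatClassification)         // keep only classified messages
| where DeliveryAction == "Delivered"            // not blocked or junked
// Custom detection rules need Timestamp and ReportId in the output,
// plus a column that identifies the affected entity (here the recipient).
| project Timestamp,
          ReportId,
          NetworkMessageId,
          RecipientEmailAddress,
          SenderFromAddress,
          Subject,
          ThreatClassification,
          ThreatTypes,
          DeliveryLocation
| order by Timestamp desc
```

Replacing the final `project` and `order by` with `summarize count() by ThreatClassification, bin(Timestamp, 1d)` turns the same filter into a trend view, but the summarized output no longer carries ReportId and so suits hunting rather than a detection rule.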

The Email Summary panel will integrate Threat classification across various areas, such as Alerts, Incidents, Reports, AIR, Submission, Explorer, and Advanced Hunting. Additionally, the Email Entity page will feature a new Threat classification field in the threat detection details. This field should help IT administrators understand the context and intent behind detected threats.

The new Threat classification feature is expected to become available to all Microsoft Defender for Office 365 customers later this month. Microsoft advises administrators to update their custom detection rules and automated workflows to include Threat classification.
