check before: 2025-01-01
Product:
Defender, Defender XDR
Platform:
Online, World tenant
Status:
Change type:
Admin impact, New feature, Updated message
Links:

Details:
Summary:
Microsoft Defender for Office is introducing "Threat classification" for emails, enhancing detection and response capabilities. The system uses advanced techniques for accurate threat intent classification. It will be integrated across various features, with rollout expected in January 2025. Updated documentation is available on Microsoft Learn.
Details:
Updated January 23, 2025: We have updated our Threat Classification documentation on Microsoft Learn. You can now access the latest version from here.
Coming soon to Microsoft Defender for Office: We will introduce Threat classification details to enhance your ability to understand the intent behind email attacks. This update will allow you to integrate Threat classification information across key experiences, enabling better detection, analysis, and response. The Threat classification system utilizes large language models (LLMs), machine learning (ML) models, and other advanced techniques to understand the intent behind threats, providing a more accurate classification. As the system evolves, you can expect new Threat classifications to be added to keep pace with emerging attack methods.
[When this will happen:]
General Availability (Worldwide): We will begin rolling out early January 2025 and expect to complete by late January 2025.
Release Phase:
Created:
2025-01-07
updated:
2025-01-24
Direct effects for Operations**
Inaccurate Threat Detection
Without proper preparation, the new threat classification may lead to misclassification of threats, resulting in either false positives or false negatives.
- roles: Security Analyst, IT Administrator
- references: https://learn.microsoft.com/en-us/defender-office-365/mdo-threat-classification
User Experience Degradation
Users may experience delays or interruptions in email access if the new classification system causes unexpected performance issues during the rollout.
- roles: End User, Help Desk Support
- references: https://learn.microsoft.com/en-us/defender-office-365/mdo-threat-classification
Increased Workload for IT Staff
IT staff may face an increased workload to address issues arising from the new threat classification system, including troubleshooting and updating documentation.
- roles: IT Administrator, Security Analyst
- references: https://learn.microsoft.com/en-us/defender-office-365/mdo-threat-classification
Opportunities**
Enhanced Threat Detection and Response
Utilizing the new Threat classification feature allows for improved threat detection and response capabilities. By understanding the intent behind email attacks, IT teams can prioritize incidents more effectively and respond to real threats faster, thereby reducing potential damage.
- next-steps: Train IT security personnel on the new Threat classification system and how to leverage it for incident response. Set up a review process to assess the effectiveness of threat responses post-implementation.
- roles: IT Security Team, Incident Response Team, IT Administrators
- references: https://learn.microsoft.com/en-us/defender-office-365/mdo-threat-classification
Improved User Awareness and Training
With the introduction of Threat classification, there is an opportunity to enhance user awareness programs. Educating users about the types of threats and their classifications can lead to better reporting and a proactive security culture within the organization.
- next-steps: Develop training materials that explain the new Threat classification system and how users can identify and report suspicious emails. Schedule training sessions and workshops to engage users.
- roles: HR Training and Development, IT Security Team, Compliance Officers
- references: https://learn.microsoft.com/en-us/defender-office-365/mdo-threat-classification
Data-Driven Security Insights
The integration of Threat classification across various features provides valuable data that can be analyzed for trends and patterns in email threats. This can help in refining security policies and improving overall security posture based on real data.
- next-steps: Implement regular analysis of the data generated from Threat classification to identify trends. Use insights gained to inform security strategy and policy adjustments.
- roles: IT Security Analysts, Risk Management Team, Compliance Officers
- references: https://learn.microsoft.com/en-us/defender-office-365/mdo-threat-classification
** AI generated content. This information must be reviewed before use.

change history
Date | Property | old | new |
2025-01-24 | MC prepare | Familiarize your team with the new Threat classification details available in the Threat Explorer, Advanced Hunting, email summary panel, and email entity page. Leverage Threat classification to enhance filtering, hunting, and trend analysis in your workflows. Prepare to update any custom detection rules or automated workflows to incorporate Threat classification for more targeted and insightful threat detection. This rollout will happen automatically by the specified date with no admin action required before the rollout. Review your current configuration to determine the impact for your organization. You may want to notify your team about this change and update any relevant documentation. Before rollout, we will update this post with revised documentation. | Familiarize your team with the new Threat classification details available in the Threat Explorer, Advanced Hunting, email summary panel, and email entity page. Leverage Threat classification to enhance filtering, hunting, and trend analysis in your workflows. Prepare to update any custom detection rules or automated workflows to incorporate Threat classification for more targeted and insightful threat detection. This rollout will happen automatically by the specified date with no admin action required before the rollout. Review your current configuration to determine the impact for your organization. You may want to notify your team about this change and update any relevant documentation. Before rollout, we will update this post with revised documentation. https://learn.microsoft.com/en-us/defender-office-365/mdo-threat-classification |
2025-01-24 | MC Summary | Microsoft Defender for Office is introducing a "Threat classification" feature for emails, utilizing advanced techniques for accurate threat intent analysis. It will integrate across various experiences, aiding in better detection and response. The rollout begins early January 2025 and completes by late January 2025. Users should prepare by familiarizing with the new feature and updating workflows. | Microsoft Defender for Office is introducing "Threat classification" for emails, enhancing detection and response capabilities. The system uses advanced techniques for accurate threat intent classification. It will be integrated across various features, with rollout expected in January 2025. Updated documentation is available on Microsoft Learn. |
2025-01-24 | MC Last Updated | 01/07/2025 01:17:42 | 2025-01-23T23:36:46Z |
2025-01-24 | MC Messages | Coming soon to Microsoft Defender for Office: We will introduce Threat classification details to enhance your ability to understand the intent behind email attacks. This update will allow you to integrate Threat classification information across key experiences, enabling better detection, analysis, and response. The Threat classification system utilizes large language models (LLMs), machine learning (ML) models, and other advanced techniques to understand the intent behind threats, providing a more accurate classification. As the system evolves, you can expect new Threat classifications to be added to keep pace with emerging attack methods. [When this will happen:] General Availability (Worldwide): We will begin rolling out early January 2025 and expect to complete by late January 2025. | Updated January 23, 2025: We have updated our Threat Classification documentation on Microsoft Learn. You can now access the latest version from here. Coming soon to Microsoft Defender for Office: We will introduce Threat classification details to enhance your ability to understand the intent behind email attacks. This update will allow you to integrate Threat classification information across key experiences, enabling better detection, analysis, and response. The Threat classification system utilizes large language models (LLMs), machine learning (ML) models, and other advanced techniques to understand the intent behind threats, providing a more accurate classification. As the system evolves, you can expect new Threat classifications to be added to keep pace with emerging attack methods. [When this will happen:] General Availability (Worldwide): We will begin rolling out early January 2025 and expect to complete by late January 2025. |
2025-01-24 | MC Title | Microsoft Defender for Office: Introducing "Threat classification" for email | (Updated) Microsoft Defender for Office: Introducing "Threat classification" for email |
2025-01-24 | MC MessageTagNames | New feature, Admin impact | Updated message, New feature, Admin impact |
Last updated 2 weeks ago