check before: 2025-01-01
Product:
Defender, Defender for Office 365, Defender XDR
Platform:
Online, World tenant
Status:
Change type:
Admin impact, New feature, Updated message
Links:
Details:
Summary:
Microsoft Defender for Office is introducing "Threat classification" for email, enhancing malware threat detection and analysis. The rollout begins in January 2025, with features integrated into Threat Explorer, Advanced Hunting, email summary panel, and email entity page. Updated documentation is available on Microsoft Learn. No admin action is required before the rollout.
Details:
Updated March 7, 2025: We are introducing Malware Threat Classes as part of our ongoing efforts to enhance threat classification. This update, once rolled out during end of March, will improve your ability to understand the malware attacks by integrating Threat Classification details across key experiences enabling better detection, analysis, and response. As the system evolves, additional threat classifications will be introduced to stay ahead of emerging attack methods.
We have updated our Threat Classification documentation on Microsoft Learn. You can now access the latest version from here.
Coming soon to Microsoft Defender for Office: We will introduce Threat classification details to enhance your ability to understand the intent behind email attacks. This update will allow you to integrate Threat classification information across key experiences, enabling better detection, analysis, and response. The Threat classification system utilizes large language models (LLMs), machine learning (ML) models, and other advanced techniques to understand the intent behind threats, providing a more accurate classification. As the system evolves, you can expect new Threat classifications to be added to keep pace with emerging attack methods.
[When this will happen:]
General Availability (Worldwide): We will begin rolling out early January 2025 and expect to complete by late January 2025.
Change Category:
XXXXXXX ... free basic plan only
Scope:
XXXXXXX ... free basic plan only
Release Phase:
Created:
2025-01-07
updated:
2025-03-08
Task Type
XXXXXXX ... free basic plan only
Docu to Check
XXXXXXX ... free basic plan only
MS How does it affect me
XXXXXXX ... free basic plan only
MS Preperations
XXXXXXX ... free basic plan only
MS Urgency
XXXXXXX ... free basic plan only
MS workload name
XXXXXXX ... free basic plan only
linked item details
XXXXXXX ... free basic plan only
Pictures
XXXXXXX ... free basic plan only
summary for non-techies**
Microsoft Defender for Office is introducing a "Threat classification" feature for emails, starting in January 2025, which uses large language models and machine learning to enhance malware threat detection and analysis, integrating into tools like Threat Explorer and Advanced Hunting for more accurate classifications and effective responses.
Direct effects for Operations**
Malware Detection Accuracy
The introduction of Threat classification may lead to initial inaccuracies in malware detection, as the system learns to classify new threats effectively.
- roles: Security Analyst, IT Administrator
- references: https://learn.microsoft.com/defender-office-365/mdo-threat-classification
User Experience with Email
Users may experience delays or confusion due to changes in how email threats are classified and reported, impacting their ability to respond to threats promptly.
- roles: End User, Help Desk Support
- references: https://learn.microsoft.com/defender-office-365/mdo-threat-classification
Custom Detection Rules
Existing custom detection rules may become obsolete or less effective if they do not incorporate the new Threat classification details, leading to potential security gaps.
- roles: Security Analyst, IT Administrator
- references: https://learn.microsoft.com/defender-office-365/mdo-threat-classification
Configutation Options**
XXXXXXX ... paid membership only
Opportunities**
XXXXXXX ... free basic plan only
Potentional Risks**
XXXXXXX ... paid membership only
IT Security**
XXXXXXX ... paid membership only
explanation for non-techies**
XXXXXXX ... free basic plan only
** AI generated content. This information must be reviewed before use.
a free basic plan is required to see more details. Sign up here
A cloudsocut.one plan is required to see all the changed details. If you are already a customer, choose login.
If you are new to cloudscout.one please choose a plan.
change history
| Date | Property | old | new |
| 2025-03-08 | MC Messages | Updated January 23, 2025: We have updated our Threat Classification documentation on Microsoft Learn. You can now access the latest version from here.
Coming soon to Microsoft Defender for Office: We will introduce Threat classification details to enhance your ability to understand the intent behind email attacks. This update will allow you to integrate Threat classification information across key experiences, enabling better detection, analysis, and response. The Threat classification system utilizes large language models (LLMs), machine learning (ML) models, and other advanced techniques to understand the intent behind threats, providing a more accurate classification. As the system evolves, you can expect new Threat classifications to be added to keep pace with emerging attack methods. [When this will happen:] General Availability (Worldwide): We will begin rolling out early January 2025 and expect to complete by late January 2025. | Updated March 7, 2025: We are introducing Malware Threat Classes as part of our ongoing efforts to enhance threat classification. This update, once rolled out during end of March, will improve your ability to understand the malware attacks by integrating Threat Classification details across key experiences enabling better detection, analysis, and response. As the system evolves, additional threat classifications will be introduced to stay ahead of emerging attack methods.
We have updated our Threat Classification documentation on Microsoft Learn. You can now access the latest version from here. Coming soon to Microsoft Defender for Office: We will introduce Threat classification details to enhance your ability to understand the intent behind email attacks. This update will allow you to integrate Threat classification information across key experiences, enabling better detection, analysis, and response. The Threat classification system utilizes large language models (LLMs), machine learning (ML) models, and other advanced techniques to understand the intent behind threats, providing a more accurate classification. As the system evolves, you can expect new Threat classifications to be added to keep pace with emerging attack methods. [When this will happen:] General Availability (Worldwide): We will begin rolling out early January 2025 and expect to complete by late January 2025. |
| 2025-03-08 | MC Last Updated | 01/23/2025 23:36:46 | 2025-03-07T18:34:32Z |
| 2025-03-08 | MC prepare | Familiarize your team with the new Threat classification details available in the Threat Explorer, Advanced Hunting, email summary panel, and email entity page.
Leverage Threat classification to enhance filtering, hunting, and trend analysis in your workflows. Prepare to update any custom detection rules or automated workflows to incorporate Threat classification for more targeted and insightful threat detection. This rollout will happen automatically by the specified date with no admin action required before the rollout. Review your current configuration to determine the impact for your organization. You may want to notify your team about this change and update any relevant documentation. Before rollout, we will update this post with revised documentation. https://learn.microsoft.com/en-us/defender-office-365/mdo-threat-classification | Familiarize your team with the new Threat classification details available in the Threat Explorer, Advanced Hunting, email summary panel, and email entity page.
Leverage Threat classification to enhance filtering, hunting, and trend analysis in your workflows. Prepare to update any custom detection rules or automated workflows to incorporate Threat classification for more targeted and insightful threat detection. This rollout will happen automatically by the specified date with no admin action required before the rollout. Review your current configuration to determine the impact for your organization. You may want to notify your team about this change and update any relevant documentation. Before rollout, we will update this post with revised documentation. https://learn.microsoft.com/defender-office-365/mdo-threat-classification |
| 2025-03-08 | MC Summary | Microsoft Defender for Office is introducing "Threat classification" for emails, enhancing detection and response capabilities. The system uses advanced techniques for accurate threat intent classification. It will be integrated across various features, with rollout expected in January 2025. Updated documentation is available on Microsoft Learn. | Microsoft Defender for Office is introducing "Threat classification" for email, enhancing malware threat detection and analysis. The rollout begins in January 2025, with features integrated into Threat Explorer, Advanced Hunting, email summary panel, and email entity page. Updated documentation is available on Microsoft Learn. No admin action is required before the rollout. |
| 2025-01-24 | MC prepare | Familiarize your team with the new Threat classification details available in the Threat Explorer, Advanced Hunting, email summary panel, and email entity page.
Leverage Threat classification to enhance filtering, hunting, and trend analysis in your workflows. Prepare to update any custom detection rules or automated workflows to incorporate Threat classification for more targeted and insightful threat detection. This rollout will happen automatically by the specified date with no admin action required before the rollout. Review your current configuration to determine the impact for your organization. You may want to notify your team about this change and update any relevant documentation. Before rollout, we will update this post with revised documentation. | Familiarize your team with the new Threat classification details available in the Threat Explorer, Advanced Hunting, email summary panel, and email entity page.
Leverage Threat classification to enhance filtering, hunting, and trend analysis in your workflows. Prepare to update any custom detection rules or automated workflows to incorporate Threat classification for more targeted and insightful threat detection. This rollout will happen automatically by the specified date with no admin action required before the rollout. Review your current configuration to determine the impact for your organization. You may want to notify your team about this change and update any relevant documentation. Before rollout, we will update this post with revised documentation. https://learn.microsoft.com/en-us/defender-office-365/mdo-threat-classification |
| 2025-01-24 | MC Summary | Microsoft Defender for Office is introducing a "Threat classification" feature for emails, utilizing advanced techniques for accurate threat intent analysis. It will integrate across various experiences, aiding in better detection and response. The rollout begins early January 2025 and completes by late January 2025. Users should prepare by familiarizing with the new feature and updating workflows. | Microsoft Defender for Office is introducing "Threat classification" for emails, enhancing detection and response capabilities. The system uses advanced techniques for accurate threat intent classification. It will be integrated across various features, with rollout expected in January 2025. Updated documentation is available on Microsoft Learn. |
| 2025-01-24 | MC Last Updated | 01/07/2025 01:17:42 | 2025-01-23T23:36:46Z |
| 2025-01-24 | MC Messages | Coming soon to Microsoft Defender for Office: We will introduce Threat classification details to enhance your ability to understand the intent behind email attacks. This update will allow you to integrate Threat classification information across key experiences, enabling better detection, analysis, and response. The Threat classification system utilizes large language models (LLMs), machine learning (ML) models, and other advanced techniques to understand the intent behind threats, providing a more accurate classification. As the system evolves, you can expect new Threat classifications to be added to keep pace with emerging attack methods.
[When this will happen:] General Availability (Worldwide): We will begin rolling out early January 2025 and expect to complete by late January 2025. | Updated January 23, 2025: We have updated our Threat Classification documentation on Microsoft Learn. You can now access the latest version from here.
Coming soon to Microsoft Defender for Office: We will introduce Threat classification details to enhance your ability to understand the intent behind email attacks. This update will allow you to integrate Threat classification information across key experiences, enabling better detection, analysis, and response. The Threat classification system utilizes large language models (LLMs), machine learning (ML) models, and other advanced techniques to understand the intent behind threats, providing a more accurate classification. As the system evolves, you can expect new Threat classifications to be added to keep pace with emerging attack methods. [When this will happen:] General Availability (Worldwide): We will begin rolling out early January 2025 and expect to complete by late January 2025. |
| 2025-01-24 | MC Title | Microsoft Defender for Office: Introducing "Threat classification" for email | (Updated) Microsoft Defender for Office: Introducing "Threat classification" for email |
| 2025-01-24 | MC MessageTagNames | New feature, Admin impact | Updated message, New feature, Admin impact |
Last updated 3 weeks ago
