Table of Contents
Summary
- Introduction of an advanced Agentic AI grading system in Microsoft Defender for Office 365 for analyzing phishing submissions.
- AI will provide faster verdicts along with natural language explanations for phishing report outcomes.
- Integration of existing machine learning models and human reviews for improved accuracy and reduced wait times.
- User workflows will remain unchanged, with the feature enabled by default and no admin controls available.
Admin Impact: Low
User Impact: Low
Release Start: 15 Nov 2025
Release End: 30 Nov 2025
Services: Defender XDR
Category: Stay informed
Tags: New Feature, User Adoption, Admin Action
History
11/18/2025 Item Added to Message Center
Microsoft Message
Introduction
We are introducing an advanced Agentic AI grading system integrated into the Microsoft Defender for Office 365 (MDO) phishing submission analysis and response flow. This enhancement provides faster, higher-quality verdicts with detailed natural language explanations when customers report phishing messages to Microsoft.
This message is associated with Microsoft 365 Roadmap ID 503112.
When this will happen
General Availability (Worldwide): Rollout will begin in mid-November 2025 and is expected to complete by late November 2025.
How this affects your organization
Who is affected: Admins and users submitting phishing emails for analysis in Microsoft Defender for Office 365.
What will happen:
You can expect the following changes when this feature rolls out:
- Phishing emails will be analyzed using large language models (LLMs) in an agentic workflow.
- Natural language explanations for verdicts will be provided.
- Existing machine learning models and human review will be integrated for accuracy.
- Wait times will be reduced by processing more submissions via AI grading instead of manual review.
- User workflows will remain unchanged; the feature will be enabled by default.
- There are no admin controls to manage this functionality.
How to view Agentic AI grading system responses:
- Report an admin or user phish submission to Microsoft for analysis. See the Learn more section below for links to detailed instructions.
- Go to Microsoft Defender portal (https://sip.security.microsoft.com).
- Navigate to Investigation & response > Actions & submissions > Submissions or visit https://security.microsoft.com/reportsubmission.
- Select the relevant tab (“Emails” for admin submissions or “User reported” for user submissions).
- Select an email submission line item to review results in the flyout panel under Result details.
- Agentic AI grading responses will include the note: “AI-generated content may be incorrect. Check it for accuracy.”
Screenshot – Sample agentic AI submission response:
What you can do to prepare
- No admin action is required before rollout.
- No disruptions or downtime during rollout.
Learn more
- Report phishing and suspicious emails in Outlook for admins | Microsoft Learn
- Use the Submissions page to submit suspected spam, phish, URLs, legitimate email getting blocked, and email attachments to Microsoft | Microsoft Learn
- User reported settings | Microsoft Learn
Compliance considerations
Question: Does the change alter how existing customer data is processed, stored, or accessed?
Answer: Yes – Introduces AI-based processing of phishing email submissions to provide natural language explanations of verdicts. No changes to storage or access patterns.
Question: Does the change introduce or significantly modify AI/ML or agent capabilities that interact with or provide access to customer data?
Answer: Yes – Introduces an Agentic AI grading system using LLMs orchestrated within an agentic workflow to analyze phishing emails and generate explanations.
Question: Does the change provide end users any new way of interacting with generative AI?
Answer: Yes – Users and admins will see AI-generated natural language explanations for phishing verdicts in the Defender portal.