File: defender-xdr/phishing-triage-agent.md
Lines changed: 3 additions & 5 deletions
@@ -48,17 +48,13 @@ The Phishing Triage Agent is designed to scale your security operations teams' p
48
48
- It provides a transparent rationale for its classification verdicts in natural language, including the reasoning behind its decisions and the evidence it used to arrive at those conclusions. It also shows a visual representation of its reasoning process for every decision.
49
49
- It continuously learns and improves its accuracy based on feedback provided by analysts. Over time, this feedback loop fine-tunes the agent’s behavior, aligning it more closely with organizational nuances and reducing the need for manual verification.
50
50
51
-
### Trigger
52
-
53
-
The Phishing Triage Agent is triggered when a user in your organization submits a phishing incident. The agent automatically analyzes email content to classify them as either phishing or not phishing based on its training and the context of the organization.
54
-
55
51
## Prerequisites
56
52
57
53
The following are organizational requirements to run Phishing Triage Agent in your environment:
58
54
59
55
|Components|Details|
60
56
|:---|:---|
61
-
|Licenses|- A tenant must have a license for Security Copilot. See [Get started with Security Copilot](/copilot/security/get-started-security-copilot) for more information </br> - A tenant must have any of the following licenses deployed: - Microsoft Defender for Office Plan 2 </br> - Microsoft 365 E5|
57
+
|Licenses|- A tenant must have provisioned access to Security Copilot. See [Get started with Security Copilot](/copilot/security/get-started-security-copilot) for more information </br> - A tenant must have any of the following licenses deployed: - Microsoft Defender for Office Plan 2 </br> - Microsoft 365 E5|
62
58
|Accessing the agent|- A tenant must have access to the Microsoft Defender portal </br> - Unified role-based access control (URBAC) must be enabled in your organization. See [Unified role-based access control (URBAC)](manage-rbac.md) for more information|
63
59
|Roles required|- **Security Administrator** role is required to set up and manage the Phishing Triage Agent </br> - Users with the same permissions as the agent can view the agent's output|
64
60
|Alert policy|The alert policy **Email reported by user as malware or phish** must be turned on. See [Alert policies in the Microsoft Defender portal](alert-policies.md) for more information|
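Review bot: Removing the `### Trigger` heading (old lines 51-54) means the overview no longer says when the agent runs, and any existing link to that heading's anchor will stop resolving. Consider keeping a one-line statement of the trigger condition here, next to the **Email reported by user as malware or phish** alert policy prerequisite it depends on. In the rewritten Licenses row, "provisioned access to Security Copilot" is not defined on the line, so the reader cannot tell what has to be provisioned without following the link; a short qualifier would help. The row also still carries the `</br>` tags and the run-on "deployed: - Microsoft Defender for Office Plan 2", which leaves the two license options reading as part of the preceding bullet; since the line is being touched anyway, this is a good moment to fix the break markup and the sub-list.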
@@ -149,6 +145,8 @@ To manage the Phishing Triage Agent, follow these steps:
149
145
150
146
## Assess and provide feedback on the agent's output
151
147
148
+
Once the Phishing Triage Agent is fully setup and running, it's triggered when a user in your organization submits a phishing incident. The agent automatically analyzes email content, classifying the incident as either phishing or not phishing based on its training and the context of the organization.
149
+
152
150
Users can review the Phishing Triage Agent's triaged incidents, provide feedback on the actions taken by the agent, and assess the agent's overall performance in terms of total incidents resolved and mean time to resolve.
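Review bot: In the added paragraph at new line 148, "fully setup" should be "fully set up" (verb form). The trigger description now sits under "Assess and provide feedback on the agent's output", which is not where an admin checking what starts an automated triage run would look; a sentence on the trigger fits better in the overview or the setup steps, with this section keeping only the feedback workflow. The sentence also says the agent is triggered when a user "submits a phishing incident", while the prerequisites table ties it to the alert policy **Email reported by user as malware or phish**; using one term for the triggering event in both places would avoid ambiguity about which submissions the agent processes.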