From 218ca4df3ab303cc6df839c9d3006896814155d4 Mon Sep 17 00:00:00 2001 From: MishraSoumyaMS <78144677+MishraSoumyaMS@users.noreply.github.com> Date: Fri, 13 Jun 2025 21:28:44 +0530 Subject: [PATCH 1/2] Update submissions-result-definitions.md --- defender-office-365/submissions-result-definitions.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/defender-office-365/submissions-result-definitions.md b/defender-office-365/submissions-result-definitions.md index 2bf628a804..6107dc0939 100644 --- a/defender-office-365/submissions-result-definitions.md +++ b/defender-office-365/submissions-result-definitions.md @@ -44,6 +44,10 @@ The following table describes the results of submissions to Microsoft: - **Status** indicates whether the previously described checks have been completed. - **Result** indicates the details that were generated during the analysis using the previously described checks +> [!NOTE] +> The new AI-powered Submissions Response capability introduces generative AI explanations for email submissions in Microsoft Defender. These explanations aim to provide enterprise administrators with clear, detailed, human-readable rationales for why a message was classified as spam, phishing, or clean. This feature is scoped specifically to email submissions. Submissions involving files, Teams messages, or URLs are currently out of scope. Also user submissions are currently out of scope as well. +> For the result types like Spam, Bulk, Threats found, No Threats found and Uknowns, you will see the LLM-based response. However, if for any reason the AI-generated explanation is unavailable, the system will fall back to the existing explanation as captured in the following table. + |Status|Result|Description| |---|---|---| |Being analyzed|Under investigation|The item is being analyzed as previously described. After the analysis is complete, the status is updated and the result shows details of the analysis.| From b50803098ac6f9ef41562236b794666a3dd575ef Mon Sep 17 00:00:00 2001 From: Chris Davis Date: Fri, 13 Jun 2025 09:30:30 -0700 Subject: [PATCH 2/2] Update submissions-result-definitions.md --- .../submissions-result-definitions.md | 26 ++++++++++++++----- 1 file changed, 19 insertions(+), 7 deletions(-) diff --git a/defender-office-365/submissions-result-definitions.md b/defender-office-365/submissions-result-definitions.md index 6107dc0939..fe29947297 100644 --- a/defender-office-365/submissions-result-definitions.md +++ b/defender-office-365/submissions-result-definitions.md @@ -16,7 +16,7 @@ ms.collection: - tier1 description: Admins and end-users can learn about the results of submitting entities to Microsoft for analysis. ms.service: defender-office-365 -ms.date: 07/26/2024 +ms.date: 06/13/2025 appliesto: - ✅ Exchange Online Protection - ✅ Microsoft Defender for Office 365 Plan 1 and Plan 2 @@ -37,16 +37,28 @@ When admins or users submit items to Microsoft for analysis, we do the following [Learn more how submissions are processed behind-the-scenes to generate the result](https://techcommunity.microsoft.com/blog/microsoftdefenderforoffice365blog/how-your-submissions-to-defender-for-office-365-are-processed-behind-the-scenes/4231551). > [!NOTE] -> In U.S. Government organizations (Microsoft 365 GCC, GCC High, and DoD), admins can submit items to Microsoft for analysis, but the items are analyzed for email authentication and policy hits only. Payload reputation, detonation, and grader analysis aren't done for compliance reasons (data isn't allowed to leave the organization boundary). +> +> - In U.S. Government organizations (Microsoft 365 GCC, GCC High, and DoD), admins can submit items to Microsoft for analysis, but the items are analyzed for email authentication and policy hits only. Payload reputation, detonation, and grader analysis aren't done for compliance reasons (data isn't allowed to leave the organization boundary). +> - AI-powered Submissions Response capability introduces generative AI explanations for email submissions to Microsoft. These explanations aim to provide enterprise admins with clear, detailed, human-readable explanations for why messages were classified. Currently, this feature is scoped to email submissions only, and AI-generated explanations aren't used for the following types of submissions: +> - Files +> - URLs +> - Microsoft Teams messages +> - User submissions +> +> AI-generated explanations are available for the following verdicts: +> +> - Spam +> - Bulk +> - Threats found +> - No threats found +> - Unknown +> +> If the AI-generated explanation is unavailable, the system falls back to the existing explanation as described in the following table. The following table describes the results of submissions to Microsoft: - **Status** indicates whether the previously described checks have been completed. -- **Result** indicates the details that were generated during the analysis using the previously described checks - -> [!NOTE] -> The new AI-powered Submissions Response capability introduces generative AI explanations for email submissions in Microsoft Defender. These explanations aim to provide enterprise administrators with clear, detailed, human-readable rationales for why a message was classified as spam, phishing, or clean. This feature is scoped specifically to email submissions. Submissions involving files, Teams messages, or URLs are currently out of scope. Also user submissions are currently out of scope as well. -> For the result types like Spam, Bulk, Threats found, No Threats found and Uknowns, you will see the LLM-based response. However, if for any reason the AI-generated explanation is unavailable, the system will fall back to the existing explanation as captured in the following table. +- **Result** indicates the details that were generated during the analysis using the previously described checks. |Status|Result|Description| |---|---|---|