Microsoft Defender for Office: "Threat classification" in Mail flow status summary and Threat protection status reports

Following MC973503 (Updated) Microsoft Defender for Office: Introducing "Threat classification" for email (published January 2025, updated March 2025), we will introduce Threat classification into the Mail flow status summary report and the Threat protection status report to enhance understanding of the intent behind an email attack.

When this will happen

General Availability (Worldwide): We began rolling out mid-March 2025 and expect to complete by late May 2025.

How this will affect your organization

Mail flow status report:

Threat classification breakdown in the Mail flow status report:

Threat classification breakdown in the Threat protection status report:

As a result of this change, we will introduce Threat classification as a new column in the output of the Get-MailTrafficATPReport Microsoft PowerShell cmdlet:

These changes will be available by default.

What you need to do to prepare

This rollout will happen automatically by the specified dates with no admin action required before the rollout. Review your current configuration to determine the impact for your organization. You may want to notify your users about this change and update any relevant documentation.

Learn more

• View email security reports - Microsoft Defender for Office 365 | Microsoft Learn
  • Mail flow status report
  • Threat protection status report
• Microsoft Ignite: Redefining email security with LLMs to tackle a new era of social engineering | Microsoft Community Hub