https://store-images.s-microsoft.com/image/apps.8664.6741570c-859f-4587-975a-275a24fdc437.58b53bc8-30df-4030-9283-a5682f6008e3.4b28dda4-923c-417a-a73e-5a0e36e0e8b4

Phishing Triage Agent

by Microsoft Security

Automates phishing incident triage with advanced security workflows.

The Microsoft Defender Phishing Triage Agent triages user-submitted phishing incidents. Leveraging AI to autonomously classify and resolve alerts as either truly malicious or as false alarms, the agent provides a transparent rationale for its classification verdicts in natural language, and uses feedback provided by analysts to continuously improve its accuracy. Since user-submitted phishing incidents are often high volume and require significant time to triage, the Phishing Triage Agent frees up time for high-value work.


Agent tasks: Incident and alert triage, autonomous investigation, verdict analysis, contextual learning.
Agent workflow
Input: Alerts generated from user-submitted emails in Microsoft Defender.

Output: Classified alerts with detailed verdict explanation and visual graph insights to support incident triage and prioritization, including resolution of false alarms.

Learn more about setting up the Phishing Triage Agent.

At a glance

https://store-images.s-microsoft.com/image/apps.22785.6741570c-859f-4587-975a-275a24fdc437.58b53bc8-30df-4030-9283-a5682f6008e3.009fa96b-d8ee-4a45-9e1f-b3134d60dd12