Microsoft is adding new security warnings to the Security and Compliance Center (SCC) default alert policies to inform IT admins of detected phishing attempts abusing Microsoft Forms in their tenants.
Microsoft Forms is an app that enables web and mobile users to create surveys, polls, and quizzes for collecting feedback and data online.
It has recently been made available for personal use to anyone with a Microsoft account after previously being available only to business users with Microsoft 365 Personal and Microsoft 365 Family subscriptions.
Forms phishing activity alerts
Microsoft Forms detects phishing attempts with the help of proactive phishing detection (available for all public forms since July 2019 and for enterprise forms from September 2019).
This phishing protection feature will proactively identify malicious password collection in forms and surveys.
To do that, it uses automated machine reviews to “proactively detect malicious password collection in forms and surveys” to block phishers from abusing Microsoft Forms to create phishing landing pages.
Admins receive alerts of any users or forms blocked in their tenants for potential phishing. Microsoft is now working on also adding these phishing activity alerts to SCC’s Alert center.
“We are now adding Microsoft Forms’ phishing activities alert (for blocked forms and users due to confirmed and suspicious phishing) to the default alert policies in Microsoft’s Security and Compliance Center (SCC),” the company explains in a Microsoft 365 Roadmap entry.
“If there is any user restricted from sharing forms and collecting responses from Microsoft Forms because of confirmed phishing activities, or any form identified/detected as phishing form, IT admins will receive an alert in the SCC Alert center.”
Rolling out later this month
Microsoft is planning on making this new feature generally available worldwide in all environments by the end of this month.
Microsoft also added an option in November allowing Office 365 admins to review Microsoft Forms phishing attempts to confirm or unblock forms tagged as suspicious for potentially attempting to maliciously harvest sensitive data.
Once the notifications are added…