Information
Microsoft Forms can be abused for phishing: an attacker builds a form that asks respondents for passwords, payment details or other personal or sensitive information and then collects the submitted results. Microsoft 365 includes built-in protection that proactively scans forms for phishing indicators, such as requests for personal information or suspicious URLs.
Enabling internal phishing protection turns this scanning on for forms created by users within the organization, so a compromised or malicious internal account cannot easily use Forms to harvest credentials or other sensitive data. It does not replace anti-phishing controls for forms sent from outside the tenant.
Solution
To remediate using the UI:
- Navigate to the Microsoft 365 admin center at https://admin.microsoft.com.
- Click to expand Settings then select Org settings
- Under Services select Microsoft Forms
- Click the checkbox labeled Add internal phishing protection under Phishing protection
- Click Save.
To remediate using PowerShell:
- Connect to Microsoft Graph with a scope that allows the org-wide apps and services settings to be changed: Connect-MgGraph -Scopes "OrgSettings-AppsAndServices.ReadWrite.All"
- Run the following Microsoft Graph PowerShell commands (the Forms settings object is only exposed on the beta endpoint):
# Forms org settings live under the beta admin endpoint
$uri = 'https://graph.microsoft.com/beta/admin/forms/settings'
# Only the phishing-scan flag is changed; other settings are left as they are
$body = @{ "isInOrgFormsPhishingScanEnabled" = $true } | ConvertTo-Json
Invoke-MgGraphRequest -Method PATCH -Uri $uri -Body $body
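The procedure above only writes the setting. The following script, added here as an example and not part of the original benchmark text, first audits the current value over the same beta endpoint, enables the scan only when it is off, and then reads the setting back to confirm the change actually took effect instead of trusting the HTTP status alone. It assumes the Microsoft.Graph.Authentication module is installed and that the signed-in account holds an admin role permitted to change org settings; the function name Get-FormsPhishingScanState is this example's own.

```powershell
# Added example: audit and remediate the Microsoft Forms internal phishing scan setting.
# Assumes Microsoft.Graph.Authentication is installed and the account can edit org settings.
Connect-MgGraph -Scopes "OrgSettings-AppsAndServices.ReadWrite.All" -NoWelcome

# Same beta endpoint used by the remediation steps above
$uri = 'https://graph.microsoft.com/beta/admin/forms/settings'

function Get-FormsPhishingScanState {
    # Returns $true when in-org phishing scanning is enabled, $false when it is off.
    # Invoke-MgGraphRequest returns the JSON body as a hashtable by default.
    $settings = Invoke-MgGraphRequest -Method GET -Uri $uri
    return [bool]$settings.isInOrgFormsPhishingScanEnabled
}

$before = Get-FormsPhishingScanState
if ($before) {
    Write-Host "Forms internal phishing protection is already enabled; nothing to do."
}
else {
    Write-Warning "Forms internal phishing protection is disabled; enabling it."

    # PATCH only the one property so other Forms settings are not touched
    $body = @{ isInOrgFormsPhishingScanEnabled = $true } | ConvertTo-Json
    Invoke-MgGraphRequest -Method PATCH -Uri $uri -Body $body -ContentType 'application/json' | Out-Null

    # Verify by reading the setting back rather than trusting a 2xx response
    $after = Get-FormsPhishingScanState
    if (-not $after) {
        throw "isInOrgFormsPhishingScanEnabled is still false after PATCH; check the account's role and the Graph response."
    }
    Write-Host "Forms internal phishing protection is now enabled."
}
```

Running the audit half on its own (Get-FormsPhishingScanState with a read-only scope such as OrgSettings-AppsAndServices.Read.All) is enough for a compliance check; the PATCH branch is only needed when the value comes back false.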
Impact:
If potential phishing is detected, the form is temporarily blocked: it cannot be distributed and no responses are collected until an administrator unblocks it or the form's creator removes the flagged keywords. Expect occasional false positives on legitimate forms (for example, internal HR or IT surveys that ask for contact details), so administrators should know where to review and unblock forms before enabling the setting.