2.10 Ensure internal phishing protection for Forms is enabled

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.


Information

Microsoft Forms can be used for phishing attacks by asking for personal or sensitive information and collecting the results. Microsoft 365 has built-in protection that proactively scans forms for phishing attempts, such as requests for personal information.

Rationale:

Enabling internal phishing protection for Microsoft Forms prevents attackers from using forms for phishing attacks that ask for personal or other sensitive information and URLs.

Impact:

If potential phishing is detected, the form is temporarily blocked: it cannot be distributed and no responses are collected until an administrator unblocks it or the creator removes the flagged keywords.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

To configure Microsoft Forms settings, use the Microsoft 365 Admin Center:

Expand Settings then select Org settings.

Under Services select Microsoft Forms.

Select the checkbox for Add internal phishing protection under Phishing protection.

Click Save.

Default Value:

Internal Phishing Protection enabled.

See Also

https://workbench.cisecurity.org/files/4073