Application Permissions - Ensure Internal Phishing Protection for Forms is Enabled
Summary
Microsoft Forms can be used for phishing attacks by asking personal or sensitive information and collecting the results. There is a built-in protection in Microsoft 365, that can proactively scan for phishing attempt in forms facing such personal information request.
Reason
If internal phishing protection for Microsoft forms is enabled, then, it can prevent attackers from using forms for phishing attacks via personal or sensitive information or URLs.
What If?
If potential phishing is detected, then, form will be temporarily blocked and no response collection can done until it is unblocked by the administrator or keywords were removed by the creator.
How to?
To set Microsoft Forms settings, use the Microsoft 365 Admin Center:
- Expand Settings then select Org settings.
- Under Services, pick Microsoft Forms.
- Now, select the checkbox for Add internal phishing protection under Phishing protection.
- Click Save.
Monitor:
To verify Microsoft Forms settings, use the Microsoft 365 Admin Center:
- Expand Settings then select Org settings.
- Under Services, pick Microsoft Forms.
- Now, ensure that the checkbox labeled Add internal phishing protection is checked under Phishing protection.
Comments
Post a Comment