To notify IT administrators of detected phishing attempts to exploit Microsoft Forms in their tenants. Microsoft added a new security warning to the default security and enforcement center (SCC) alert policies.

Microsoft Forms is an app that allows web and smartphone users to create surveys, polls, and quizzes for collecting feedback and data online.

Recently it has only been made available to enterprise customers of Microsoft 365 Personal and Microsoft 365 Family subscriptions, for their personal use, and those with a Microsoft account.

Activity alerts for Forms phishing

Phishing attempts are detected by Microsoft Form by means of proactive phishing detection (available for all public forms since July 2019 and for enterprise forms from September 2019).

With this phishing protection feature, malicious password collection is proactively identified in forms and surveys.

For these purposes, automated machine reviews “proactively detect malicious password collection in forms and surveys” prevent Microsoft forms from being abused by phishing pages.

For these purposes, automated machine reviews “proactively detect malicious password collection in forms and surveys” prevent Microsoft forms from being abused by phishing pages.

Admins are alerted to potential phishing by all users or forms blocked in their tenants. Microsoft is currently working to add these alerts to SCC Alert Center for phishing activity.

“We are now adding Microsoft Forms’ phishing activities alert (for blocked forms and users due to confirmed and suspicious phishing) to the default alert policies in Microsoft’s Security and Compliance Center (SCC),” In a Microsoft 365 Roadmap entry, the company explained.

“If there is any user restricted from sharing forms and collecting responses from Microsoft Forms because of confirmed phishing activities, or any form identified/detected as phishing form, IT admins will receive an alert in the SCC Alert center.”

Later this month it will Roll Out

At the end of this month, Microsoft plans to make this new feature widely accessible worldwide.

In November, Microsoft also introduced the alternative that allowed Office 365 administrators to search Microsoft Forms for verifying or blocking tagged forms suspect of attempting to collect sensitive data maliciously.

If the notifications are introduced to the messaging center, administrators can unblock users if they feel that they have no malicious purpose.

“If you believe a form has malicious intent, no further action from you is required. The form will stay blocked until its owner removes the content flagged for the malicious collection of sensitive data,” Microsoft explains.

Microsoft will also start to notify Office 365 customers of Microsoft Defender of alleged nation-state hacking activities identified within their tenants later this month.