Security News > 2021 > February > Microsoft will alert Office 365 admins of Forms phishing attempts
Microsoft is adding new security warnings to the Security and Compliance Center default alert policies to inform IT admins of detected phishing attempts abusing Microsoft Forms in their tenants.
It has recently been made available for personal use to anyone with a Microsoft account after previously being available only to business users with Microsoft 365 Personal and Microsoft 365 Family subscriptions.
Microsoft Forms detects phishing attempts with the help of proactive phishing detection.
"We are now adding Microsoft Forms' phishing activities alert to the default alert policies in Microsoft's Security and Compliance Center," the company explains in a Microsoft 365 Roadmap entry.
"If there is any user restricted from sharing forms and collecting responses from Microsoft Forms because of confirmed phishing activities, or any form identified/detected as phishing form, IT admins will receive an alert in the SCC Alert center."
Microsoft also added an option in November allowing Office 365 admins to review Microsoft Forms phishing attempts to confirm or unblock forms tagged as suspicious for potentially attempting to maliciously harvest sensitive data.
News URL
Related news
- Microsoft 365 anti-phishing feature can be bypassed with CSS (source)
- Microsoft 365 anti-phishing alert “erased” with one simple trick (source)
- Microsoft discloses Office zero-day, still working on a patch (source)
- Microsoft discloses unpatched Office flaw that exposes NTLM hashes (source)
- Microsoft Warns of Unpatched Office Vulnerability Leading to Data Exposure (source)
- Microsoft Sway abused in massive QR code phishing campaign (source)
- New QR Code Phishing Campaign Exploits Microsoft Sway to Steal Credentials (source)
- Threat Actors Exploit Microsoft Sway to Host QR Code Phishing Campaigns (source)
- Microsoft Office 2024 to disable ActiveX controls by default (source)
- Microsoft Is Disabling Default ActiveX Controls in Office 2024 to Improve Security (source)