Security News > 2021 > February > Microsoft will alert Office 365 admins of Forms phishing attempts

Microsoft is adding new security warnings to the Security and Compliance Center default alert policies to inform IT admins of detected phishing attempts abusing Microsoft Forms in their tenants.

It has recently been made available for personal use to anyone with a Microsoft account after previously being available only to business users with Microsoft 365 Personal and Microsoft 365 Family subscriptions.

Microsoft Forms detects phishing attempts with the help of proactive phishing detection.

"We are now adding Microsoft Forms' phishing activities alert to the default alert policies in Microsoft's Security and Compliance Center," the company explains in a Microsoft 365 Roadmap entry.

"If there is any user restricted from sharing forms and collecting responses from Microsoft Forms because of confirmed phishing activities, or any form identified/detected as phishing form, IT admins will receive an alert in the SCC Alert center."

Microsoft also added an option in November allowing Office 365 admins to review Microsoft Forms phishing attempts to confirm or unblock forms tagged as suspicious for potentially attempting to maliciously harvest sensitive data.

News URL

https://www.bleepingcomputer.com/news/security/microsoft-will-alert-office-365-admins-of-forms-phishing-attempts/