1.3.5 Ensure internal phishing protection for Forms is enabled

Information

Microsoft Forms can be used for phishing attacks by asking for personal or sensitive information and collecting the responses. Microsoft 365 has built-in protection that proactively scans forms for phishing attempts, such as requests for personal information.

Rationale:

Enabling internal phishing protection for Microsoft Forms prevents attackers from using forms for phishing attacks that request personal or other sensitive information, or that solicit URLs.

Impact:

If potential phishing is detected, the form is temporarily blocked and cannot be distributed, and response collection will not occur until the form is unblocked by an administrator or the flagged keywords are removed by the creator.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

To enable internal phishing protection for Forms:

Navigate to Microsoft 365 admin center https://admin.microsoft.com.

Click to expand Settings, then select Org settings.

Under Services select Microsoft Forms.

Click the checkbox labeled Add internal phishing protection under Phishing protection.

Click Save.

Default Value:

Internal Phishing Protection is enabled.

See Also

https://workbench.cisecurity.org/benchmarks/15279

Item Details

Category: AWARENESS AND TRAINING, SYSTEM AND INFORMATION INTEGRITY

References: 800-53|AT-2, 800-53|SI-3

Plugin: microsoft_azure

Control ID: 81fc3ef10653ada6e2af6f29a514b639cd89c1f302ef22dbf96a05eff53b39a5