
Ensure internal phishing protection for Forms is enabled

Why This Matters

Attackers often use phishing forms to harvest credentials from unsuspecting users, and internal phishing attacks can be especially damaging because they come from within the trusted tenant. When Microsoft Forms internal phishing protection is disabled, malicious actors can create forms that appear legitimate and bypass security filters. Enabling this protection helps the platform block these deceptive forms before they reach your users.

What Aether365 Checks

Aether365 verifies that the Microsoft 365 tenant has enabled the internal phishing protection feature for Microsoft Forms. This check appears under the microsoft-365 section of your Aether365 dashboard with the identifier CIS.M365.1.3.5.

How to Fix

No specific remediation steps are available from the source documentation. To enable internal phishing protection for Forms, you must use Microsoft PowerShell or the Microsoft 365 Defender portal. Contact your Microsoft 365 administrator or consult Microsoft’s documentation for the exact configuration method for your environment.
