Ensure internal phishing protection for Forms is enabled
Why This Matters
Microsoft Forms can be exploited by attackers to conduct phishing campaigns that request personal or sensitive information from users. Enabling internal phishing protection proactively scans forms for malicious content and automatically blocks suspicious forms from being distributed. This prevents sensitive data collection through Forms-based attacks before they can reach your users.
What Aether365 Checks
Aether365 verifies that the "Add internal phishing protection" setting is enabled for Microsoft Forms in your Microsoft 365 tenant. This check is displayed in your Aether365 dashboard under the microsoft-365 security category.