Version: 2.1.0

CIS.M365.1.3.5 - Ensure internal phishing protection for Forms is enabled

Overview

1.3.5 (L1) Ensure internal phishing protection for Forms is enabled

Microsoft Forms can be used for phishing attacks by asking personal or sensitive information and collecting the results. Microsoft 365 has built-in protection that will proactively scan for phishing attempt in forms such personal information request.

Rationale

Enabling internal phishing protection for Microsoft Forms will prevent attackers using forms for phishing attacks by asking personal or other sensitive information and URLs.

Impact

If potential phishing was detected, the form will be temporarily blocked and cannot be distributed, and response collection will not happen until it is unblocked by the administrator or keywords were removed by the creator.

Remediation action:

Navigate to Microsoft 365 admin center.
Click to expand Settings select Org settings.
In Services select Microsoft Forms
Enable Add internal phishing protection under Phishing protection
Click Save.

PowerShell

Connect to the Microsoft Graph service using Connect-MgGraph -Scopes "OrgSettings-AppsAndServices.ReadWrite.All".
Run the following Microsoft Graph PowerShell commands:

$uri = 'https://graph.microsoft.com/beta/admin/forms/settings'
$body = @{ "isInOrgFormsPhishingScanEnabled" = $true } | ConvertTo-Json
Invoke-MgGraphRequest -Method PATCH -Uri $uri -Body $body

Test Metadata

Field	Value
Test ID	CIS.M365.1.3.5
Severity	Unknown
Suite	CIS
Category	CIS E3 Level 1
PowerShell test	Test-MtCisFormsPhishingProtectionEnabled
Tags	CIS, CIS E3, CIS E3 Level 1, CIS E5, CIS E5 Level 1, CIS M365 v6.0.1, CIS.M365.1.3.5, L1, Security

Source

Pester test: tests/cis/Test-MtCisFormsPhishingProtectionEnabled.Tests.ps1
PowerShell source: powershell/public/cis/Test-MtCisFormsPhishingProtectionEnabled.ps1

Overview​

Rationale​

Impact​

Remediation action:​

PowerShell​

Related links​

Test Metadata​

Source​