Automatic Phishing Detection in Microsoft Forms for enterprise in-org forms
The automatic detection feature runs at Forms design time. If suspicious phishing content (e.g., what’s your password?) is detected, the form will be automatically blocked from sharing or collecting responses. This is not a permanent block; the form can be unblocked if the designer removes the suspicious phishing question.
- As an Office 365 admin, you will receive daily Message Center notifications on these potential phishing detection results.
- As a global admin, you have access to the forms as well as the response data. You can reverse the automatic block if you believe it was in error. You must be a global administrator to perform these actions.
Microsoft Forms is on by default and available to everyone in your organization. This anti-phishing feature is also on by default. You can disable this feature, as well as general Forms availability, in the admin center.
[What do I need to do to prepare for this change?]
Admins will see the new toggle in admin center in early September and can disable the feature if needed.
On September 23, 2019, the feature will become active if an administrator has not turned it off for their organization.