rules/findings/m365/microsoft_forms/ms-forms-internal-phishing-protection-disabled.json
|
{
"args": [ ], "provider": "Microsoft365", "serviceType": "Microsoft Forms", "serviceName": "Microsoft 365", "displayName": "Ensure internal phishing protection for Forms is enabled", "description": "Microsoft Forms can be used for phishing attacks by asking personal or sensitive information and collecting the results. Microsoft 365 has built-in protection that will proactively scan for phishing attempt in forms such personal information request.", "rationale": "Enabling internal phishing protection for Microsoft Forms will prevent attackers using forms for phishing attacks by asking personal or other sensitive information and URLs.", "impact": "If potential phishing was detected, the form will be temporarily blocked and cannot be distributed and response collection will not happen until it is unblocked by the administrator or keywords were removed by the creator.", "remediation": { "text": "###### To set Microsoft Forms settings use the Microsoft 365 Admin Center\r\n\t\t\t\t\t1. Expand `Settings` then select `Org settings`.\r\n\t\t\t\t\t2. Under Services select `Microsoft Forms`.\r\n\t\t\t\t\t3. Select the checkbox for `Add internal phishing protection`.\r\n\t\t\t\t\t4. Click `Save`", "code": { "powerShell": null, "iac": null, "terraform": null, "other": null } }, "recommendation": null, "references": [ "https://support.microsoft.com/en-us/office/administrator-settings-for-microsoft-forms-48161c55-fbae-4f37-8951-9e3befc0248b", "https://support.microsoft.com/en-us/office/review-and-unblock-forms-or-users-detected-and-blocked-for-potential-phishing-879a90d7-6ef9-4145-933a-fb53a430bced" ], "compliance": [ { "name": "CIS Microsoft 365 Foundations Benchmark", "version": "6.0.1", "reference": "1.3.5", "profile": [ "E3 Level 1", "E5 Level 1" ] } ], "level": "medium", "tags": [ ], "rule": { "path": "o365_forms_tenant_settings", "subPath": null, "selectCondition": { }, "query": [ { "filter": [ { "conditions": [ [ "InOrgFormsPhishingScan", "eq", "false" ] ] } ] } ], "shouldExist": null, "returnObject": null, "removeIfNotExists": null }, "output": { "html": { "data": { "properties": { "externalCollaboration": "External Collaboration", "externalShareCollaboration": "External Sharing Collaboration", "allowFileUpload": "Allow File Upload", "RestrictSurveyAccessEnabled": "Restrict Survey Access", "InOrgFormsPhishingScan": "Phishing Protection" }, "expandObject": null }, "table": "default", "decorate": [ ], "emphasis": [ ], "actions": { "objectData": { "properties": [ "*" ], "expandObject": null, "limit": null }, "showGoToButton": "True", "showModalButton": "True", "directLink": null } }, "text": { "data": { "properties": { }, "expandObject": null }, "status": { "keyName": [ ], "message": "Ensure internal phishing protection for Forms is enabled", "defaultMessage": null }, "properties": { "resourceName": null, "resourceId": null, "resourceType": null }, "onlyStatus": false } }, "idSuffix": "m365_forms_phishing_protection_disabled", "notes": [ ], "categories": [ ], "immutable_properties": [ ], "id": "microsoft365_2156" } |