Microsoft Forms: Form Blocked due to Potential Phishing

Scenario

You are seeing messages “This form can’t be distributed as it is asking for personal or sensitive information. Contact your admin for assistance. Terms of use”

This form can’t be distributed as it is asking for personal or sensitive information. Contact your admin for assistance. Terms of use

or

Form can no longer be accessed. This form has been flagged for potential phishing. Technical details

“Form can no longer be accessed. This form has been flagged for potential phishing. Technical details”

Cause

The reason is Microsoft enabled automated machine reviews to proactively detect the malicious collection of sensitive data in forms and temporary block those forms from collecting responses. Learn more about it.

Solution

Ask your tenant global or security admin to go to the Microsoft Security Administration (Defender) Alerts:

Microsoft Defender Alert Phishing Form

If your list of alers is too big – use filter by Policy: “Form blocked due to potential phishing attempt”.

Compliance-Alerts-Filter-By-Policy

To unblock the form or confirm it is phishing – admin should open the alert:

Microsoft Defender Alert Phishing Review this Form

And then click “Review this form“.
“Review the form” opens the page “https://forms.office.com/Pages/AdminPhishingReviewPage.aspx?id=<FormId>”
where <FormId> is the form Id.
Here global/security admin can review the form and unblock it or confirm it is phishing:

Microsoft Defender Alert Phishing Review this Form - Unblock or Conform Phishing

 

References

 

Leave a Comment

Your email address will not be published.