(Updated) Updates to Microsoft Forms phishing activity notifications

Microsoft is making some changes to how we handle Microsoft Forms phishing activity alerts.

This message is associated with Microsoft 365 Roadmap ID 76911

When this will happen

Addition to the default alert policies in Microsoft’s Security and Compliance center will begin rollout in early February (previously mid-January) and complete in mid-February (previously late January).

How this will affect your organization

With this change we will be rolling out the following updates:

1. Microsoft Forms’ phishing activities alert (for blocked forms and users due to confirmed and suspicious phishing) will now be added to the default alert policies in Microsoft’s Security and Compliance Center (SCC). If there is any user restricted from sharing forms and collecting responses from Microsoft Forms because of confirmed phishing activities, or any form identified/detected as phishing form, IT admins will receive an alert in the SCC Alert center.
2. The Forms phishing activity notification sent out via Message Center will now be marked as a Privacy message. With this change, only the global admins and the admins with the Message Center Privacy reader role can view these messages from Message Center. If security admins want to view these messages, they need to get the Message Center Privacy reader role from the global admin.

What you need to do to prepare

The Global admin should assign the Security admin  to the Message Center Privacy reader role if the Security admin needs to view the daily Forms phishing notifications.