Microsoft Viva: List-based Forms card for Viva Connections Dashboard

🚨 The Signal: Viva Connections now supports embedding forms directly into dashboards. This increases the attack surface for phishing and data exfiltration via malicious forms, so form creation and sharing need closer oversight.

The Impact

All users are affected, with increased risk of phishing and unauthorized data collection if form governance is not strictly enforced.

  • End Users: Increased exposure to malicious forms and phishing attempts.
  • Admins: New vector for data exfiltration and compliance breaches.
  • Security Team: Expanded scope for monitoring and incident response related to form-based attacks.

The Action

  1. Review and update existing data governance policies for Microsoft Forms and Viva Connections.
  2. Implement strict controls on who can create and publish forms to Viva Connections dashboards.
  3. Educate users on identifying suspicious forms and reporting potential phishing attempts.
  4. Monitor audit logs for unusual form creation or data submission activities within Viva Connections.
  5. Consider implementing Microsoft Purview Data Loss Prevention (DLP) policies for form data.

Domain: SharePoint · Impact: high · Workload: SharePoint