I’ve had a client creating quite a few forms on Microsoft Forms recently and quite inexplicably two of the forms were locked by Microsoft as being phishing.

Generally this should only happen if a form is asking for a password, so I’m not sure what triggered the phishing detection, but it was annoying and no amount of editing the form would get rid of the warning.

Fortunately as an admin, there is a way to unlock the form.

Open the form in your browser and find the long string that is the ID of the form. It will be in the URL as id=xxxxx

Copy and paste this ID onto the end of the following URL when logged into Microsoft 365 as an admin:

https://forms.office.com/Pages/AdminPhishingReviewPage.aspx?id=

From here you will be able to unlock the form and then the end user will be able to distribute it once more.