Merge pull request #4951 from sbreingold-ms/wi-487069-defender-form-update-blocked-phishing-attempt

wi-487069-correct "form blocked due to potential phishing attempt"

Author: guywi-ms

defender-xdr/alert-policies.md

@@ -183,7 +183,7 @@ The tables also indicate the Office 365 Enterprise and Office 365 US Government
 |**Email reported by user as not junk**|Generates an alert when users in your organization report messages as not junk the built-in Report button in Outlook or the Report Message add-in. For more information about the add-ins, see [Use the Report Message add-in](https://support.office.com/article/b5caa9f1-cdf3-4443-af8c-ff724ea719d2).|Low|No|E1/F1/G1, E3/F3/G3, or E5/G5|
 |**Email sending limit exceeded**|Generates an alert when someone in your organization has sent more mail than is allowed by the outbound spam policy. This is usually an indication the user is sending too much email or that the account might be compromised. If you get an alert generated by this alert policy, it's a good idea to [check whether the user account is compromised](/microsoft-365/security/office-365-security/responding-to-a-compromised-email-account).|Medium|No|E1/F1/G1, E3/F3/G3, or E5/G5|
 |**Failed exact data match upload**|Generates an alert when a user receives the following error when [uploading an exact data match based sensitive information type](/purview/sit-get-started-exact-data-match-based-sits-overview): New sensitive information failed to upload. Try again later.|High|No|E5/G5.|
-|**Form blocked due to potential phishing attempt**|Generates an alert when someone in your organization is restricted from sharing forms and collecting responses using Microsoft Forms due to detected repeated phishing attempt behavior.|High|No|E1, E3/F3, or E5|
+|**Form blocked due to potential phishing attempt**|Generates an alert when the system detects suspected phishing behavior in a form.|High|No|E1, E3/F3, or E5|
 |**Form flagged and confirmed as phishing**|Generates an alert when a form created in Microsoft Forms from within your organization is identified as potential phishing through Report Abuse and confirmed as phishing by Microsoft.|High|No|E1, E3/F3, or E5|
 |**Malware not zapped because ZAP is disabled**| Generates an alert when Microsoft detects delivery of a malware message to a mailbox because Zero-Hour Auto Purge for Phish messages is disabled.|Informational|No|E5/G5 or Defender for Office 365 Plan 2 add-on subscription.|
 |**Messages containing malicious entity not removed after delivery**|Generates an alert when any message containing malicious content (file, URL, campaign, no entity), is delivered to mailboxes in your organization. If this event occurs, Microsoft attempted to remove the infected messages from Exchange Online mailboxes using [Zero-hour auto purge](/microsoft-365/security/office-365-security/zero-hour-auto-purge), but the message wasn't removed due to a failure. Additional investigation is recommended. This policy automatically triggers [automated investigation and response in Office 365](/microsoft-365/security/office-365-security/air-about).|Medium|Yes|Microsoft 365 Business Premium, Defender for Office 365 Plan 1 add-on, E5/G5, or Defender for Office 365 Plan 2 add-on.|