Forum Discussion
catastrophic Microsoft forms breach
Now today I just discovered something alarming with Forms. An anonymous tip from one of my students stated that all the students could go to forms.microsoft.com, log in normally and they could see all the group quizzes I created! Further, they could see the correct answers, they could edit, they could delete and they could see all the grades of all the other students! Unbelievable. Now my whole grades are compromised. Apparently if a quiz is created outside the group they cannot see it, but any regular member of a group (like a student) has full permissions for a group quiz. I cannot believe this and now I have no idea what I am going to do. My whole course is totally screwed up. How could this happen?
2 Replies
It is true that students are owners of any group form you created
This is the result of creating a quiz in microsoft teams or directly creating a group quiz
To avoid this you need to create the form in (My Forms) and simply share the link to respond with your students
Never ever put stuff in any of the Group resources, be it OneDrive, Team, Planner, Forms, etc. Those are all "shared" and every member of the group has "equal" access to them. It's a design decision, not something you can change.
