Home
Mapping Frameworks
Azure Home
Azure AD Multi-Factor Authentication

Azure azure_ad_multi-factor_authentication Mappings

Multi-factor authentication is a process where a user is prompted during the sign-in process for an additional form of identification, such as to enter a code on their cellphone or to provide a fingerprint scan. If you only use a password to authenticate a user, it leaves an insecure vector for attack. If the password is weak or has been exposed elsewhere, is it really the user signing in with the username and password, or is it an attacker? When you require a second form of authentication, security is increased as this additional factor isn't something that's easy for an attacker to obtain or duplicate.

Mappings

Capability ID	Capability Description	Category	Value	ATT&CK ID	ATT&CK Name	Notes
azure_ad_multi-factor_authentication	Azure AD Multi-Factor Authentication	protect	significant	T1110	Brute Force	Comments MFA provides significant protection against password compromises, requiring the adversary to complete an additional authentication method before their access is permitted. References https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-mfa-howitworks
azure_ad_multi-factor_authentication	Azure AD Multi-Factor Authentication	protect	significant	T1110.001	Password Guessing	Comments MFA can significantly reduce the impact of a password compromise, requiring the adversary to complete an additional authentication method before their access is permitted. References
azure_ad_multi-factor_authentication	Azure AD Multi-Factor Authentication	protect	significant	T1110.003	Password Spraying	Comments MFA can significantly reduce the impact of a password compromise, requiring the adversary to complete an additional authentication method before their access is permitted. References
azure_ad_multi-factor_authentication	Azure AD Multi-Factor Authentication	protect	significant	T1110.004	Credential Stuffing	Comments MFA can significantly reduce the impact of a password compromise, requiring the adversary to complete an additional authentication method before their access is permitted. References
azure_ad_multi-factor_authentication	Azure AD Multi-Factor Authentication	protect	minimal	T1078	Valid Accounts	Comments This control only protects cloud accounts and therefore its overall protection coverage is Minimal. References https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-mfa-howitworks
azure_ad_multi-factor_authentication	Azure AD Multi-Factor Authentication	protect	partial	T1078.004	Cloud Accounts	Comments MFA can provide protection against an adversary that obtains valid credentials by requiring the adversary to complete an additional authentication process before access is permitted. This is an incomplete protection measure though as the adversary may also have obtained credentials enabling bypassing the additional authentication method. References