Home
Mapping Frameworks
M365 Home
Conditional Access

M365 EID-CA-E3

Conditional access enables organizations to configure and fine-tune access policies with contextual factors such as user, device, location, and real-time risk information to control what a specific user can access, and how and when they have access.

Mappings

Capability ID	Capability Description	Category	Value	ATT&CK ID	ATT&CK Name	Notes
EID-CA-E3	Conditional Access	protect	partial	T1059.009	Cloud API	Comments Multiple conditions along can be combined to create fine-grained and specific policies that partially enforce access controls to account resources that adversaries may attempt to abuse: conditional access to Cloud APIs, blocking legacy authentication, requiring multi-factor authentication for users, block access by location, block access to unsupported devices, failed login attempts, account lockout policies, etc.. These features may require Microsoft Entra ID P2. References https://learn.microsoft.com/en-us/entra/identity/conditional-access/howto-conditional-access-apis2 licensing https://learn.microsoft.com/en-us/entra/identity/conditional-access/howto-conditional-access-apis
EID-CA-E3	Conditional Access	protect	partial	T1078	Valid Accounts	Comments Multiple conditions along can be combined to create fine-grained and specific policies that partially enforce access controls to account resources that adversaries may attempt to abuse: conditional access to Cloud APIs, blocking legacy authentication, requiring multi-factor authentication for users, block access by location, block access to unsupported devices, failed login attempts, account lockout policies, etc.. These features may require Microsoft Entra ID P2. References https://learn.microsoft.com/en-us/entra/identity/conditional-access/concept-conditional-access-policy-common?tabs=secure-foundation https://learn.microsoft.com/en-us/entra/identity/conditional-access/concept-conditional-access-policy-common?tabs=secure-foundation https://learn.microsoft.com/en-us/entra/id-protection/concept-identity-protection-policies https://learn.microsoft.com/en-us/entra/identity/conditional-access/concept-conditional-access-conditions
EID-CA-E3	Conditional Access	protect	partial	T1586.003	Cloud Accounts	Comments Multiple conditions along can be combined to create fine-grained and specific policies that partially enforce access controls to account resources that adversaries may attempt to abuse: conditional access to Cloud APIs, blocking legacy authentication, requiring multi-factor authentication for users, block access by location, block access to unsupported devices, failed login attempts, account lockout policies, etc.. These features may require Microsoft Entra ID P2. References https://learn.microsoft.com/en-us/entra/identity/conditional-access/concept-conditional-access-policy-common?tabs=secure-foundation https://learn.microsoft.com/en-us/entra/identity/conditional-access/concept-conditional-access-policy-common?tabs=secure-foundation https://learn.microsoft.com/en-us/entra/identity/conditional-access/concept-conditional-access-conditions
EID-CA-E3	Conditional Access	protect	partial	T1621	Multi-Factor Authentication Request Generation	Comments Multiple conditions along can be combined to create fine-grained and specific policies that partially enforce access controls to account resources that adversaries may attempt to abuse: conditional access to Cloud APIs, blocking legacy authentication, requiring multi-factor authentication for users, block access by location, block access to unsupported devices, failed login attempts, account lockout policies, etc.. These features may require Microsoft Entra ID P2. References https://learn.microsoft.com/en-us/entra/identity/conditional-access/concept-conditional-access-policy-common?tabs=secure-foundation https://learn.microsoft.com/en-us/entra/id-protection/concept-identity-protection-policies https://learn.microsoft.com/en-us/entra/identity/conditional-access/concept-conditional-access-conditions
EID-CA-E3	Conditional Access	protect	partial	T1110.004	Credential Stuffing	Comments Multiple conditions along can be combined to create fine-grained and specific policies that partially enforce access controls to account resources that adversaries may attempt to abuse: conditional access to Cloud APIs, blocking legacy authentication, requiring multi-factor authentication for users, block access by location, block access to unsupported devices, failed login attempts, account lockout policies, etc.. These features may require Microsoft Entra ID P2. References https://learn.microsoft.com/en-us/entra/identity/conditional-access/concept-conditional-access-policy-common?tabs=secure-foundation https://learn.microsoft.com/en-us/entra/identity/conditional-access/concept-conditional-access-conditions https://learn.microsoft.com/en-us/entra/id-protection/concept-identity-protection-policies https://learn.microsoft.com/en-us/entra/identity/conditional-access/concept-conditional-access-policy-common?tabs=secure-foundation
EID-CA-E3	Conditional Access	protect	partial	T1110.003	Password Spraying	Comments Multiple conditions along can be combined to create fine-grained and specific policies that partially enforce access controls to account resources that adversaries may attempt to abuse: conditional access to Cloud APIs, blocking legacy authentication, requiring multi-factor authentication for users, block access by location, block access to unsupported devices, failed login attempts, account lockout policies, etc.. These features may require Microsoft Entra ID P2. References https://learn.microsoft.com/en-us/entra/identity/conditional-access/concept-conditional-access-policy-common?tabs=secure-foundation https://learn.microsoft.com/en-us/entra/identity/conditional-access/concept-conditional-access-policy-common?tabs=secure-foundation https://learn.microsoft.com/en-us/entra/id-protection/concept-identity-protection-policies https://learn.microsoft.com/en-us/entra/identity/conditional-access/concept-conditional-access-conditions
EID-CA-E3	Conditional Access	protect	partial	T1110.002	Password Cracking	Comments Multiple conditions along can be combined to create fine-grained and specific policies that partially enforce access controls to account resources that adversaries may attempt to abuse: conditional access to Cloud APIs, blocking legacy authentication, requiring multi-factor authentication for users, block access by location, block access to unsupported devices, failed login attempts, account lockout policies, etc.. These features may require Microsoft Entra ID P2. References https://learn.microsoft.com/en-us/entra/identity/conditional-access/concept-conditional-access-policy-common?tabs=secure-foundation https://learn.microsoft.com/en-us/entra/identity/conditional-access/concept-conditional-access-conditions https://learn.microsoft.com/en-us/entra/id-protection/concept-identity-protection-policies https://learn.microsoft.com/en-us/entra/identity/conditional-access/concept-conditional-access-policy-common?tabs=secure-foundation
EID-CA-E3	Conditional Access	protect	partial	T1110.001	Password Guessing	Comments Multiple conditions along can be combined to create fine-grained and specific policies that partially enforce access controls to account resources that adversaries may attempt to abuse: conditional access to Cloud APIs, blocking legacy authentication, requiring multi-factor authentication for users, block access by location, block access to unsupported devices, failed login attempts, account lockout policies, etc.. These features may require Microsoft Entra ID P2. References https://learn.microsoft.com/en-us/entra/identity/conditional-access/concept-conditional-access-policy-common?tabs=secure-foundation https://learn.microsoft.com/en-us/entra/identity/conditional-access/concept-conditional-access-policy-common?tabs=secure-foundation https://learn.microsoft.com/en-us/entra/id-protection/concept-identity-protection-policies https://learn.microsoft.com/en-us/entra/identity/conditional-access/concept-conditional-access-conditions
EID-CA-E3	Conditional Access	protect	partial	T1110	Brute Force	Comments Multiple conditions along can be combined to create fine-grained and specific policies that partially enforce access controls to account resources that adversaries may attempt to abuse: conditional access to Cloud APIs, blocking legacy authentication, requiring multi-factor authentication for users, block access by location, block access to unsupported devices, failed login attempts, account lockout policies, etc.. These features may require Microsoft Entra ID P2. References https://learn.microsoft.com/en-us/entra/identity/conditional-access/concept-conditional-access-conditions https://learn.microsoft.com/en-us/entra/id-protection/concept-identity-protection-policies https://learn.microsoft.com/en-us/entra/identity/conditional-access/concept-conditional-access-policy-common?tabs=secure-foundation