Home
Mapping Frameworks
M365 Home
Conditional Access

M365 ME-CA-E5 Mappings

Microsoft Entra Conditional Access brings signals together, to make decisions, and enforce organizational policies. Conditional Access is Microsoft's Zero Trust policy engine taking signals from various sources into account when enforcing policy decisions.

Mappings

Capability ID	Capability Description	Category	Value	ATT&CK ID	ATT&CK Name	Notes
ME-CA-E5	Conditional Access	protect	partial	T1059.009	Cloud API	Comments Multiple conditions along can be combined to create fine-grained and specific policies that partially enforce access controls to account resources that adversaries may attempt to abuse: conditional access to Cloud APIs, blocking legacy authentication, requiring multi-factor authentication for users, block access by location, block access to unsupported devices, failed login attempts, account lockout policies, etc.. These features may require Microsoft Entra ID P2. References https://learn.microsoft.com/en-us/entra/identity/conditional-access/howto-conditional-access-apis2 licensing https://learn.microsoft.com/en-us/entra/identity/conditional-access/howto-conditional-access-apis
ME-CA-E5	Conditional Access	protect	partial	T1078	Valid Accounts	Comments Multiple conditions along can be combined to create fine-grained and specific policies that partially enforce access controls to account resources that adversaries may attempt to abuse: conditional access to Cloud APIs, blocking legacy authentication, requiring multi-factor authentication for users, block access by location, block access to unsupported devices, failed login attempts, account lockout policies, etc.. These features may require Microsoft Entra ID P2. References https://learn.microsoft.com/en-us/entra/identity/conditional-access/concept-conditional-access-policy-common?tabs=secure-foundation https://learn.microsoft.com/en-us/entra/identity/conditional-access/concept-conditional-access-policy-common?tabs=secure-foundation https://learn.microsoft.com/en-us/entra/id-protection/concept-identity-protection-policies https://learn.microsoft.com/en-us/entra/identity/conditional-access/concept-conditional-access-conditions
ME-CA-E5	Conditional Access	protect	partial	T1586.003	Cloud Accounts	Comments Multiple conditions along can be combined to create fine-grained and specific policies that partially enforce access controls to account resources that adversaries may attempt to abuse: conditional access to Cloud APIs, blocking legacy authentication, requiring multi-factor authentication for users, block access by location, block access to unsupported devices, failed login attempts, account lockout policies, etc.. These features may require Microsoft Entra ID P2. References https://learn.microsoft.com/en-us/entra/identity/conditional-access/concept-conditional-access-policy-common?tabs=secure-foundation https://learn.microsoft.com/en-us/entra/identity/conditional-access/concept-conditional-access-policy-common?tabs=secure-foundation https://learn.microsoft.com/en-us/entra/identity/conditional-access/concept-conditional-access-conditions
ME-CA-E5	Conditional Access	protect	partial	T1621	Multi-Factor Authentication Request Generation	Comments Multiple conditions along can be combined to create fine-grained and specific policies that partially enforce access controls to account resources that adversaries may attempt to abuse: conditional access to Cloud APIs, blocking legacy authentication, requiring multi-factor authentication for users, block access by location, block access to unsupported devices, failed login attempts, account lockout policies, etc.. These features may require Microsoft Entra ID P2. References https://learn.microsoft.com/en-us/entra/identity/conditional-access/concept-conditional-access-policy-common?tabs=secure-foundation https://learn.microsoft.com/en-us/entra/id-protection/concept-identity-protection-policies https://learn.microsoft.com/en-us/entra/identity/conditional-access/concept-conditional-access-conditions
ME-CA-E5	Conditional Access	protect	partial	T1110.004	Credential Stuffing	Comments Multiple conditions along can be combined to create fine-grained and specific policies that partially enforce access controls to account resources that adversaries may attempt to abuse: conditional access to Cloud APIs, blocking legacy authentication, requiring multi-factor authentication for users, block access by location, block access to unsupported devices, failed login attempts, account lockout policies, etc.. These features may require Microsoft Entra ID P2. References https://learn.microsoft.com/en-us/entra/identity/conditional-access/concept-conditional-access-policy-common?tabs=secure-foundation https://learn.microsoft.com/en-us/entra/identity/conditional-access/concept-conditional-access-conditions https://learn.microsoft.com/en-us/entra/id-protection/concept-identity-protection-policies https://learn.microsoft.com/en-us/entra/identity/conditional-access/concept-conditional-access-policy-common?tabs=secure-foundation
ME-CA-E5	Conditional Access	protect	partial	T1110.003	Password Spraying	Comments Multiple conditions along can be combined to create fine-grained and specific policies that partially enforce access controls to account resources that adversaries may attempt to abuse: conditional access to Cloud APIs, blocking legacy authentication, requiring multi-factor authentication for users, block access by location, block access to unsupported devices, failed login attempts, account lockout policies, etc.. These features may require Microsoft Entra ID P2. References https://learn.microsoft.com/en-us/entra/identity/conditional-access/concept-conditional-access-policy-common?tabs=secure-foundation https://learn.microsoft.com/en-us/entra/identity/conditional-access/concept-conditional-access-policy-common?tabs=secure-foundation https://learn.microsoft.com/en-us/entra/id-protection/concept-identity-protection-policies https://learn.microsoft.com/en-us/entra/identity/conditional-access/concept-conditional-access-conditions
ME-CA-E5	Conditional Access	protect	partial	T1110.002	Password Cracking	Comments Multiple conditions along can be combined to create fine-grained and specific policies that partially enforce access controls to account resources that adversaries may attempt to abuse: conditional access to Cloud APIs, blocking legacy authentication, requiring multi-factor authentication for users, block access by location, block access to unsupported devices, failed login attempts, account lockout policies, etc.. These features may require Microsoft Entra ID P2. References https://learn.microsoft.com/en-us/entra/identity/conditional-access/concept-conditional-access-policy-common?tabs=secure-foundation https://learn.microsoft.com/en-us/entra/identity/conditional-access/concept-conditional-access-conditions https://learn.microsoft.com/en-us/entra/id-protection/concept-identity-protection-policies https://learn.microsoft.com/en-us/entra/identity/conditional-access/concept-conditional-access-policy-common?tabs=secure-foundation
ME-CA-E5	Conditional Access	protect	partial	T1110.001	Password Guessing	Comments Multiple conditions along can be combined to create fine-grained and specific policies that partially enforce access controls to account resources that adversaries may attempt to abuse: conditional access to Cloud APIs, blocking legacy authentication, requiring multi-factor authentication for users, block access by location, block access to unsupported devices, failed login attempts, account lockout policies, etc.. These features may require Microsoft Entra ID P2. References https://learn.microsoft.com/en-us/entra/identity/conditional-access/concept-conditional-access-policy-common?tabs=secure-foundation https://learn.microsoft.com/en-us/entra/identity/conditional-access/concept-conditional-access-policy-common?tabs=secure-foundation https://learn.microsoft.com/en-us/entra/id-protection/concept-identity-protection-policies https://learn.microsoft.com/en-us/entra/identity/conditional-access/concept-conditional-access-conditions
ME-CA-E5	Conditional Access	protect	partial	T1110	Brute Force	Comments Multiple conditions along can be combined to create fine-grained and specific policies that partially enforce access controls to account resources that adversaries may attempt to abuse: conditional access to Cloud APIs, blocking legacy authentication, requiring multi-factor authentication for users, block access by location, block access to unsupported devices, failed login attempts, account lockout policies, etc.. These features may require Microsoft Entra ID P2. References https://learn.microsoft.com/en-us/entra/identity/conditional-access/concept-conditional-access-conditions https://learn.microsoft.com/en-us/entra/id-protection/concept-identity-protection-policies https://learn.microsoft.com/en-us/entra/identity/conditional-access/concept-conditional-access-policy-common?tabs=secure-foundation