1. Home
  2. Mapping Frameworks
  3. M365 Home
  4. Password Protection

M365 ME-PP-E3 Mappings

Microsoft Entra Password Protection detects and blocks known weak passwords and their variants, and can also block additional weak terms that are specific to your organization. When users change or reset their passwords, these banned password lists are checked to enforce the use of strong passwords.

Mappings

Capability ID Capability Description Category Value ATT&CK ID ATT&CK Name Notes
ME-PP-E3 Password Protection protect partial T1586.003 Cloud Accounts
Comments
Cloud accounts should have complex and unique passwords across all systems on the network. When a password is changed or reset for any user in a Microsoft Entra tenant, the current version of the global banned password list is used to validate the strength of the password. This validation check results in stronger passwords for all Microsoft Entra customers. License Requirements: Microsoft Entra ID Free, Microsoft Entra ID P1, or Microsoft Entra ID P2
References
  1. https://learn.microsoft.com/en-us/entra/identity/authentication/concept-password-ban-bad
ME-PP-E3 Password Protection protect partial T1078 Valid Accounts
Comments
Accounts should have complex and unique passwords across all systems on the network. When a password is changed or reset for any user in a Microsoft Entra tenant, the current version of the global banned password list is used to validate the strength of the password. This validation check results in stronger passwords for all Microsoft Entra customers. License Requirements: Microsoft Entra ID Free, Microsoft Entra ID P1, or Microsoft Entra ID P2
References
  1. https://learn.microsoft.com/en-us/entra/identity/authentication/concept-password-ban-bad
ME-PP-E3 Password Protection protect partial T1110.004 Credential Stuffing
Comments
With Microsoft Entra Password Protection, you can define entries in a custom banned password list. When a password is changed or reset for any user in a Microsoft Entra tenant, the current version of the global banned password list is used to validate the strength of the password. This validation check results in stronger passwords for all Microsoft Entra customers. License Requirements: Microsoft Entra ID Free, Microsoft Entra ID P1, or Microsoft Entra ID P2
References
  1. https://learn.microsoft.com/en-us/entra/identity/authentication/concept-password-ban-bad
ME-PP-E3 Password Protection protect partial T1110.003 Password Spraying
Comments
Microsoft Entra Password Protection efficiently blocks all known weak passwords likely to be used in password spray attacks. License Requirements: Microsoft Entra ID Free, Microsoft Entra ID P1, or Microsoft Entra ID P2
References
  1. https://learn.microsoft.com/en-us/entra/identity/authentication/concept-password-ban-bad
ME-PP-E3 Password Protection protect partial T1110 Brute Force
Comments
With Microsoft Entra Password Protection, default global banned password lists are automatically applied to all users in a Microsoft Entra tenant. To support your own business and security needs, you can define entries in a custom banned password list. When a password is changed or reset for any user in a Microsoft Entra tenant, the current version of the global banned password list is used to validate the strength of the password. This validation check results in stronger passwords for all Microsoft Entra customers. License Requirements: Microsoft Entra ID Free, Microsoft Entra ID P1, or Microsoft Entra ID P2
References
  1. https://learn.microsoft.com/en-us/entra/identity/authentication/concept-password-ban-bad