1. Home
  2. Mapping Frameworks
  3. M365 Home
  4. Passwordless Authentication

M365 ME-PWA-E3 Mappings

Features like multi-factor authentication (MFA) are a great way to secure your organization, but users often get frustrated with the additional security layer on top of having to remember their passwords. Passwordless authentication methods are more convenient because the password is removed and replaced with something you have, plus something you are or something you know.

Mappings

Capability ID Capability Description Category Value ATT&CK ID ATT&CK Name Notes
ME-PWA-E3 Passwordless Authentication protect significant T1539 Steal Web Session Cookie
Comments
Microsoft recommended the use of Passwordless authentication. This method provides the most secure MFA sign-in process by replacing the password with something you have, plus something you are or something you know.(e.g., Biometric, FIDO2 security keys, Microsoft’s Authenticator app). When combined with Conditional Access policies, Passwordless Authentication can significantly protect against the likelihood of adversary activity from credential attacks (e.g., token theft, etc.). License Requirements: All Microsoft Entra ID licenses
References
  1. https://techcommunity.microsoft.com/t5/microsoft-entra-blog/all-your-creds-are-belong-to-us/ba-p/855124
  2. https://m365maps.com/files/Entra-ID-All.htm
  3. https://learn.microsoft.com/en-us/entra/identity/authentication/concept-authentication-methods
  4. https://d3fend.mitre.org/technique/d3f:BiometricAuthentication/
ME-PWA-E3 Passwordless Authentication protect significant T1021.007 Cloud Services
Comments
Microsoft recommended the use of Passwordless authentication. This method provides the most secure MFA sign-in process by replacing the password with something you have, plus something you are or something you know.(e.g., Biometric, FIDO2 security keys, Microsoft’s Authenticator app). When combined with Conditional Access policies, use of strong two-factor for remote service accounts will mitigate an adversary's ability to leverage stolen credentials. License Requirements: All Microsoft Entra ID licenses
References
  1. https://d3fend.mitre.org/technique/d3f:BiometricAuthentication/
  2. https://m365maps.com/files/Entra-ID-All.htm
  3. https://learn.microsoft.com/en-us/entra/identity/authentication/concept-authentication-methods
  4. https://techcommunity.microsoft.com/t5/microsoft-entra-blog/all-your-creds-are-belong-to-us/ba-p/855124
ME-PWA-E3 Passwordless Authentication protect significant T1110.004 Credential Stuffing
Comments
Microsoft recommended the use of Passwordless authentication. This method provides the most secure MFA sign-in process by replacing the password with something you have, plus something you are or something you know.(e.g., Biometric, FIDO2 security keys, Microsoft’s Authenticator app). When combined with Conditional Access policies, Passwordless Authentication can significantly protect against the likelihood of adversary activity from credential attacks (e.g., brute force, token theft, etc.). License Requirements: All Microsoft Entra ID licenses
References
  1. https://techcommunity.microsoft.com/t5/microsoft-entra-blog/all-your-creds-are-belong-to-us/ba-p/855124
  2. https://learn.microsoft.com/en-us/entra/identity/authentication/concept-authentication-methods
  3. https://m365maps.com/files/Entra-ID-All.htm
  4. https://d3fend.mitre.org/technique/d3f:BiometricAuthentication/
ME-PWA-E3 Passwordless Authentication protect significant T1110.003 Password Spraying
Comments
Microsoft recommended the use of Passwordless authentication. This method provides the most secure MFA sign-in process by replacing the password with something you have, plus something you are or something you know.(e.g., Biometric, FIDO2 security keys, Microsoft’s Authenticator app). When combined with Conditional Access policies, Passwordless Authentication can significantly protect against the likelihood of adversary activity from credential attacks (e.g., brute force, token theft, etc.). License Requirements: All Microsoft Entra ID licenses
References
  1. https://techcommunity.microsoft.com/t5/microsoft-entra-blog/all-your-creds-are-belong-to-us/ba-p/855124
  2. https://learn.microsoft.com/en-us/entra/identity/authentication/concept-authentication-methods
  3. https://m365maps.com/files/Entra-ID-All.htm
  4. https://d3fend.mitre.org/technique/d3f:BiometricAuthentication/
ME-PWA-E3 Passwordless Authentication protect significant T1110.002 Password Cracking
Comments
Microsoft recommended the use of Passwordless authentication. This method provides the most secure MFA sign-in process by replacing the password with something you have, plus something you are or something you know.(e.g., Biometric, FIDO2 security keys, Microsoft’s Authenticator app). When combined with Conditional Access policies, Passwordless Authentication can significantly protect against the likelihood of adversary activity from credential attacks (e.g., brute force, token theft, etc.). License Requirements: All Microsoft Entra ID licenses
References
  1. https://techcommunity.microsoft.com/t5/microsoft-entra-blog/all-your-creds-are-belong-to-us/ba-p/855124
  2. https://learn.microsoft.com/en-us/entra/identity/authentication/concept-authentication-methods
  3. https://m365maps.com/files/Entra-ID-All.htm
  4. https://d3fend.mitre.org/technique/d3f:BiometricAuthentication/
ME-PWA-E3 Passwordless Authentication protect significant T1110.001 Password Guessing
Comments
Microsoft recommended the use of Passwordless authentication. This method provides the most secure MFA sign-in process by replacing the password with something you have, plus something you are or something you know.(e.g., Biometric, FIDO2 security keys, Microsoft’s Authenticator app). When combined with Conditional Access policies, Passwordless Authentication can significantly protect against the likelihood of adversary activity from credential attacks (e.g., brute force, token theft, etc.). License Requirements: All Microsoft Entra ID licenses
References
  1. https://techcommunity.microsoft.com/t5/microsoft-entra-blog/all-your-creds-are-belong-to-us/ba-p/855124
  2. https://learn.microsoft.com/en-us/entra/identity/authentication/concept-authentication-methods
  3. https://m365maps.com/files/Entra-ID-All.htm
  4. https://d3fend.mitre.org/technique/d3f:BiometricAuthentication/
ME-PWA-E3 Passwordless Authentication protect significant T1110 Brute Force
Comments
Microsoft recommended the use of Passwordless authentication. This method provides the most secure MFA sign-in process by replacing the password with something you have, plus something you are or something you know.(e.g., Biometric, FIDO2 security keys, Microsoft’s Authenticator app). When combined with Conditional Access policies, Passwordless Authentication can significantly protect against the likelihood of adversary activity from credential attacks (e.g., brute force, token theft, etc.). License Requirements: All Microsoft Entra ID licenses
References
  1. https://d3fend.mitre.org/technique/d3f:BiometricAuthentication/
  2. https://m365maps.com/files/Entra-ID-All.htm
  3. https://techcommunity.microsoft.com/t5/microsoft-entra-blog/all-your-creds-are-belong-to-us/ba-p/855124
  4. https://learn.microsoft.com/en-us/entra/identity/authentication/concept-authentication-methods
ME-PWA-E3 Passwordless Authentication protect significant T1136.003 Cloud Account
Comments
Microsoft recommended the use of Passwordless authentication. This method provides the most secure MFA sign-in process by replacing the password with something you have, plus something you are or something you know.(e.g., Biometric, FIDO2 security keys, Microsoft’s Authenticator app). When combined with Conditional Access policies, Passwordless Authentication can significantly protect against the likelihood of adversary activity (e.g., account creation, etc.). License Requirements: All Microsoft Entra ID licenses
References
  1. https://d3fend.mitre.org/technique/d3f:BiometricAuthentication/
  2. https://m365maps.com/files/Entra-ID-All.htm
  3. https://techcommunity.microsoft.com/t5/microsoft-entra-blog/your-pa-word-doesn-t-matter/ba-p/731984
  4. https://techcommunity.microsoft.com/t5/microsoft-entra-blog/all-your-creds-are-belong-to-us/ba-p/855124
  5. https://learn.microsoft.com/en-us/entra/identity/authentication/concept-authentication-methods
ME-PWA-E3 Passwordless Authentication protect significant T1098.001 Additional Cloud Credentials
Comments
Microsoft recommended the use of Passwordless authentication. This method provides the most secure MFA sign-in process by replacing the password with something you have, plus something you are or something you know.(e.g., Biometric, FIDO2 security keys, Microsoft’s Authenticator app). When combined with Conditional Access policies, Passwordless Authentication can significantly protect against the likelihood of adversary activity (e.g., additional cloud permissions, etc.). License Requirements: All Microsoft Entra ID licenses
References
  1. https://learn.microsoft.com/en-us/entra/identity/authentication/concept-authentication-methods
  2. https://techcommunity.microsoft.com/t5/microsoft-entra-blog/all-your-creds-are-belong-to-us/ba-p/855124
  3. https://techcommunity.microsoft.com/t5/microsoft-entra-blog/your-pa-word-doesn-t-matter/ba-p/731984
  4. https://m365maps.com/files/Entra-ID-All.htm
  5. https://d3fend.mitre.org/technique/d3f:BiometricAuthentication/
ME-PWA-E3 Passwordless Authentication protect significant T1098.003 Additional Cloud Roles
Comments
Microsoft recommended the use of Passwordless authentication. This method provides the most secure MFA sign-in process by replacing the password with something you have, plus something you are or something you know.(e.g., Biometric, FIDO2 security keys, Microsoft’s Authenticator app). When combined with Conditional Access policies, Passwordless Authentication can significantly protect against the likelihood of adversary activity (e.g., additional cloud roles, etc.). License Requirements: All Microsoft Entra ID licenses
References
  1. https://d3fend.mitre.org/technique/d3f:BiometricAuthentication/
  2. https://m365maps.com/files/Entra-ID-All.htm
  3. https://techcommunity.microsoft.com/t5/microsoft-entra-blog/your-pa-word-doesn-t-matter/ba-p/731984
  4. https://techcommunity.microsoft.com/t5/microsoft-entra-blog/all-your-creds-are-belong-to-us/ba-p/855124
  5. https://learn.microsoft.com/en-us/entra/identity/authentication/concept-authentication-methods
ME-PWA-E3 Passwordless Authentication protect significant T1531 Account Access Removal
Comments
Microsoft recommended the use of Passwordless authentication. This method provides the most secure MFA sign-in process by replacing the password with something you have, plus something you are or something you know.(e.g., Biometric, FIDO2 security keys, Microsoft’s Authenticator app). When combined with Conditional Access policies, Passwordless Authentication can significantly protect against the likelihood of adversary activity (e.g., account creation, account deletion etc.). License Requirements: All Microsoft Entra ID licenses
References
  1. https://learn.microsoft.com/en-us/entra/identity/authentication/concept-authentication-methods
  2. https://techcommunity.microsoft.com/t5/microsoft-entra-blog/your-pa-word-doesn-t-matter/ba-p/731984
  3. https://m365maps.com/files/Entra-ID-All.htm
  4. https://d3fend.mitre.org/technique/d3f:BiometricAuthentication/
ME-PWA-E3 Passwordless Authentication protect significant T1078.004 Cloud Accounts
Comments
Microsoft recommended the use of Passwordless authentication. This method provides the most secure MFA sign-in process by replacing the password with something you have, plus something you are or something you know.(e.g., Biometric, FIDO2 security keys, Microsoft’s Authenticator app). When combined with Conditional Access policies, Passwordless Authentication can significantly protect against the likelihood of adversary activity from credential attacks (e.g., brute force, token theft, etc.). License Requirements: All Microsoft Entra ID licenses
References
  1. https://d3fend.mitre.org/technique/d3f:BiometricAuthentication/
  2. https://m365maps.com/files/Entra-ID-All.htm
  3. https://techcommunity.microsoft.com/t5/microsoft-entra-blog/your-pa-word-doesn-t-matter/ba-p/731984
  4. https://techcommunity.microsoft.com/t5/microsoft-entra-blog/all-your-creds-are-belong-to-us/ba-p/855124
  5. https://learn.microsoft.com/en-us/entra/identity/authentication/concept-authentication-methods