M365 Microsoft Purview – Mappings Explorer

All Mappings

Capability ID	Capability Description	Mapping Type	ATT&CK ID	ATT&CK Name
PUR-IP-E5	Information Protection	Technique Scores	T1087	Account Discovery
PUR-IP-E5	Information Protection	Technique Scores	T1087.004	Cloud Account
PUR-IP-E5	Information Protection	Technique Scores	T1119	Automated Collection
PUR-IP-E5	Information Protection	Technique Scores	T1020	Automated Exfiltration
PUR-IP-E5	Information Protection	Technique Scores	T1530	Data from Cloud Storage
PUR-IP-E5	Information Protection	Technique Scores	T1048	Exfiltration Over Alternative Protocol
PUR-IP-E5	Information Protection	Technique Scores	T1567	Exfiltration Over Web Service
PUR-IP-E5	Information Protection	Technique Scores	T1567.004	Exfiltration Over Webhook
PUR-IP-E5	Information Protection	Technique Scores	T1546	Event Triggered Execution
PUR-IP-E5	Information Protection	Technique Scores	T1070	Indicator Removal
PUR-IP-E5	Information Protection	Technique Scores	T1552	Unsecured Credentials
PUR-IP-E5	Information Protection	Technique Scores	T1552.008	Chat Messages
PUR-AS-E5	Audit Solutions	Technique Scores	T1548	Abuse Elevation Control Mechanism
PUR-AS-E5	Audit Solutions	Technique Scores	T1548.005	Temporary Elevated Cloud Access
PUR-AS-E5	Audit Solutions	Technique Scores	T1087	Account Discovery
PUR-AS-E5	Audit Solutions	Technique Scores	T1087.004	Cloud Account
PUR-AS-E5	Audit Solutions	Technique Scores	T1059	Command and Scripting Interpreter
PUR-AS-E5	Audit Solutions	Technique Scores	T1059.009	Cloud API
PUR-AS-E5	Audit Solutions	Technique Scores	T1530	Data from Cloud Storage
PUR-AS-E5	Audit Solutions	Technique Scores	T1213	Data from Information Repositories
PUR-AS-E5	Audit Solutions	Technique Scores	T1213.002	Sharepoint
PUR-AS-E5	Audit Solutions	Technique Scores	T1114	Email Collection
PUR-AS-E5	Audit Solutions	Technique Scores	T1114.002	Remote Email Collection
PUR-AS-E5	Audit Solutions	Technique Scores	T1114.003	Email Forwarding Rule
PUR-AS-E5	Audit Solutions	Technique Scores	T1606	Forge Web Credentials
PUR-AS-E5	Audit Solutions	Technique Scores	T1564	Hide Artifacts
PUR-AS-E5	Audit Solutions	Technique Scores	T1564.008	Email Hiding Rules
PUR-AS-E5	Audit Solutions	Technique Scores	T1546	Event Triggered Execution
PUR-AS-E5	Audit Solutions	Technique Scores	T1562	Impair Defenses
PUR-AS-E5	Audit Solutions	Technique Scores	T1562.008	Disable or Modify Cloud Logs
PUR-AS-E5	Audit Solutions	Technique Scores	T1070	Indicator Removal
PUR-AS-E5	Audit Solutions	Technique Scores	T1070.008	Clear Mailbox Data
PUR-AS-E5	Audit Solutions	Technique Scores	T1556	Modify Authentication Process
PUR-AS-E5	Audit Solutions	Technique Scores	T1556.006	Multi-Factor Authentication
PUR-AS-E5	Audit Solutions	Technique Scores	T1566	Phishing
PUR-AS-E5	Audit Solutions	Technique Scores	T1566.002	Spearphishing Link
PUR-AS-E5	Audit Solutions	Technique Scores	T1528	Steal Application Access Token
PUR-AS-E5	Audit Solutions	Technique Scores	T1552	Unsecured Credentials
PUR-AS-E5	Audit Solutions	Technique Scores	T1552.008	Chat Messages
PUR-AS-E5	Audit Solutions	Technique Scores	T1078	Valid Accounts
PUR-AS-E5	Audit Solutions	Technique Scores	T1078.004	Cloud Accounts
PUR-PAM-E5	Privileged Access Management	Technique Scores	T1586.003	Cloud Accounts
PUR-PAM-E5	Privileged Access Management	Technique Scores	T1078.001	Default Accounts
PUR-PAM-E5	Privileged Access Management	Technique Scores	T1078	Valid Accounts
PUR-PAM-E5	Privileged Access Management	Technique Scores	T1133	External Remote Services
PUR-PAM-E5	Privileged Access Management	Technique Scores	T1213	Data from Information Repositories
PUR-PAM-E5	Privileged Access Management	Technique Scores	T1213.002	Sharepoint
PUR-PAM-E5	Privileged Access Management	Technique Scores	T1530	Data from Cloud Storage
PUR-PAM-E5	Privileged Access Management	Technique Scores	T1059	Command and Scripting Interpreter
PUR-PAM-E5	Privileged Access Management	Technique Scores	T1059.009	Cloud API
PUR-PAM-E5	Privileged Access Management	Technique Scores	T1651	Cloud Administration Command
PUR-PAM-E5	Privileged Access Management	Technique Scores	T1098.001	Additional Cloud Credentials
PUR-PAM-E5	Privileged Access Management	Technique Scores	T1098.003	Additional Cloud Roles
PUR-PAM-E5	Privileged Access Management	Technique Scores	T1098	Account Manipulation

Capabilities

Capability ID	Capability Name	Number of Mappings
PUR-PAM-E5	Privileged Access Management	13
PUR-AS-E5	Audit Solutions	29
PUR-IP-E5	Information Protection	12

M365 Microsoft Purview Capability Group

All Mappings

Capabilities