M365 EID-PWLA-E3

Features like multi-factor authentication (MFA) are a great way to secure your organization, but users often get frustrated with the additional security layer on top of having to remember their passwords. Passwordless authentication methods are more convenient because the password is removed and replaced with something you have, plus something you are or something you know.

Mappings

Capability ID Capability Description Category Value ATT&CK ID ATT&CK Name Notes
EID-PWLA-E3 Passwordless Authentication protect significant T1021.007 Cloud Services
Comments
Microsoft recommends the use of passwordless authentication. This method provides the most secure MFA sign-in process by replacing the password with something you have, plus something you are or something you know (e.g., biometrics, FIDO2 security keys, Microsoft’s Authenticator app). When combined with Conditional Access policies, use of strong two-factor authentication for remote service accounts will mitigate an adversary's ability to leverage stolen credentials. License Requirements: All Microsoft Entra ID licenses
EID-PWLA-E3 Passwordless Authentication protect significant T1078.004 Cloud Accounts
Comments
Microsoft recommends the use of passwordless authentication. This method provides the most secure MFA sign-in process by replacing the password with something you have, plus something you are or something you know (e.g., biometrics, FIDO2 security keys, Microsoft’s Authenticator app). When combined with Conditional Access policies, passwordless authentication can significantly protect against the likelihood of adversary activity from credential attacks (e.g., brute force, token theft, etc.). License Requirements: All Microsoft Entra ID licenses
EID-PWLA-E3 Passwordless Authentication protect significant T1098.001 Additional Cloud Credentials
Comments
Microsoft recommends the use of passwordless authentication. This method provides the most secure MFA sign-in process by replacing the password with something you have, plus something you are or something you know (e.g., biometrics, FIDO2 security keys, Microsoft’s Authenticator app). When combined with Conditional Access policies, passwordless authentication can significantly protect against the likelihood of adversary activity (e.g., additional cloud permissions, etc.). License Requirements: All Microsoft Entra ID licenses
EID-PWLA-E3 Passwordless Authentication protect significant T1098.003 Additional Cloud Roles
Comments
Microsoft recommends the use of passwordless authentication. This method provides the most secure MFA sign-in process by replacing the password with something you have, plus something you are or something you know (e.g., biometrics, FIDO2 security keys, Microsoft’s Authenticator app). When combined with Conditional Access policies, passwordless authentication can significantly protect against the likelihood of adversary activity (e.g., additional cloud roles, etc.). License Requirements: All Microsoft Entra ID licenses
EID-PWLA-E3 Passwordless Authentication protect significant T1110 Brute Force
Comments
Microsoft recommends the use of passwordless authentication. This method provides the most secure MFA sign-in process by replacing the password with something you have, plus something you are or something you know (e.g., biometrics, FIDO2 security keys, Microsoft’s Authenticator app). When combined with Conditional Access policies, passwordless authentication can significantly protect against the likelihood of adversary activity from credential attacks (e.g., brute force, token theft, etc.). License Requirements: All Microsoft Entra ID licenses
EID-PWLA-E3 Passwordless Authentication protect significant T1110 Brute Force
Comments
This control provides significant protection against this brute force technique by completely obviating the need for passwords, replacing them with passwordless credentials.
EID-PWLA-E3 Passwordless Authentication protect significant T1110.001 Password Guessing
Comments
Microsoft recommends the use of passwordless authentication. This method provides the most secure MFA sign-in process by replacing the password with something you have, plus something you are or something you know (e.g., biometrics, FIDO2 security keys, Microsoft’s Authenticator app). When combined with Conditional Access policies, passwordless authentication can significantly protect against the likelihood of adversary activity from credential attacks (e.g., brute force, token theft, etc.). License Requirements: All Microsoft Entra ID licenses
EID-PWLA-E3 Passwordless Authentication protect significant T1110.001 Password Guessing
Comments
This control provides significant protection against password-based attacks by completely obviating the need for passwords, replacing them with passwordless credentials.
EID-PWLA-E3 Passwordless Authentication protect significant T1110.002 Password Cracking
Comments
Microsoft recommends the use of passwordless authentication. This method provides the most secure MFA sign-in process by replacing the password with something you have, plus something you are or something you know (e.g., biometrics, FIDO2 security keys, Microsoft’s Authenticator app). When combined with Conditional Access policies, passwordless authentication can significantly protect against the likelihood of adversary activity from credential attacks (e.g., brute force, token theft, etc.). License Requirements: All Microsoft Entra ID licenses
EID-PWLA-E3 Passwordless Authentication protect significant T1110.002 Password Cracking
Comments
This control provides significant protection against password-based attacks by completely obviating the need for passwords, replacing them with passwordless credentials.
EID-PWLA-E3 Passwordless Authentication protect significant T1110.003 Password Spraying
Comments
Microsoft recommends the use of passwordless authentication. This method provides the most secure MFA sign-in process by replacing the password with something you have, plus something you are or something you know (e.g., biometrics, FIDO2 security keys, Microsoft’s Authenticator app). When combined with Conditional Access policies, passwordless authentication can significantly protect against the likelihood of adversary activity from credential attacks (e.g., brute force, token theft, etc.). License Requirements: All Microsoft Entra ID licenses
EID-PWLA-E3 Passwordless Authentication protect significant T1110.003 Password Spraying
Comments
This control provides significant protection against password-based attacks by completely obviating the need for passwords, replacing them with passwordless credentials.
EID-PWLA-E3 Passwordless Authentication protect significant T1110.004 Credential Stuffing
Comments
Microsoft recommends the use of passwordless authentication. This method provides the most secure MFA sign-in process by replacing the password with something you have, plus something you are or something you know (e.g., biometrics, FIDO2 security keys, Microsoft’s Authenticator app). When combined with Conditional Access policies, passwordless authentication can significantly protect against the likelihood of adversary activity from credential attacks (e.g., brute force, token theft, etc.). License Requirements: All Microsoft Entra ID licenses
EID-PWLA-E3 Passwordless Authentication protect significant T1110.004 Credential Stuffing
Comments
This control provides significant protection against password-based attacks by completely obviating the need for passwords, replacing them with passwordless credentials.
EID-PWLA-E3 Passwordless Authentication protect significant T1136.003 Cloud Account
Comments
Microsoft recommends the use of passwordless authentication. This method provides the most secure MFA sign-in process by replacing the password with something you have, plus something you are or something you know (e.g., biometrics, FIDO2 security keys, Microsoft’s Authenticator app). When combined with Conditional Access policies, passwordless authentication can significantly protect against the likelihood of adversary activity (e.g., account creation, etc.). License Requirements: All Microsoft Entra ID licenses
EID-PWLA-E3 Passwordless Authentication protect significant T1531 Account Access Removal
Comments
Microsoft recommends the use of passwordless authentication. This method provides the most secure MFA sign-in process by replacing the password with something you have, plus something you are or something you know (e.g., biometrics, FIDO2 security keys, Microsoft’s Authenticator app). When combined with Conditional Access policies, passwordless authentication can significantly protect against the likelihood of adversary activity (e.g., account creation, account deletion, etc.). License Requirements: All Microsoft Entra ID licenses
EID-PWLA-E3 Passwordless Authentication protect significant T1539 Steal Web Session Cookie
Comments
Microsoft recommends the use of passwordless authentication. This method provides the most secure MFA sign-in process by replacing the password with something you have, plus something you are or something you know (e.g., biometrics, FIDO2 security keys, Microsoft’s Authenticator app). When combined with Conditional Access policies, passwordless authentication can significantly protect against the likelihood of adversary activity from credential attacks (e.g., token theft, etc.). License Requirements: All Microsoft Entra ID licenses