ID-04 FAQ

Question 1

What is ID-04 (Require Phishing-Resistant MFA for All Users)?

Accepted Answer

ID-04 is a security control that phishing attacks can bypass traditional mfa. at level 3, the entire organization uses authentication methods that cryptographically prove user presence, eliminating mfa bypass attacks entirely. It requires that all users must use phishing-resistant mfa (fido2, windows hello, passkeys) and sms and voice call authentication methods are disabled tenant-wide, push notification mfa is disabled or only allowed with number matching.

Question 2

Why is Require Phishing-Resistant MFA for All Users important for Microsoft 365 security?

Accepted Answer

Phishing attacks can bypass traditional MFA. At Level 3, the entire organization uses authentication methods that cryptographically prove user presence, eliminating MFA bypass attacks entirely.

Question 3

How do I implement ID-04 in my tenant?

Accepted Answer

TrueConfig provides one-click remediation for ID-04. Enables FIDO2 and passkey authentication methods. Users still need to register their own security keys.

Question 4

What license do I need for ID-04?

Accepted Answer

This control requires Azure AD Premium P1 (included in Microsoft 365 E3) or higher.

Question 5

Which security baseline includes ID-04?

Accepted Answer

ID-04 is included in the Maximum Security baseline (Level 3). This level is designed for high-security environments and regulated industries.

Question 6

Why is ID-04 marked as critical severity?

Accepted Answer

ID-04 is rated critical because failure to implement this control significantly increases the risk of security incidents. Phishing attacks can bypass traditional MFA. At Level 3, the entire organization uses authentication methods that cryptographically prove user presence, eliminating MFA bypass attacks entirely.

ID-04: Require Phishing-Resistant MFA for All Users

Related Resources

Still have questions?