Phishing-Resistant MFA
Authentication methods that cannot be intercepted or replayed by attackers through phishing attacks.
What is Phishing-Resistant MFA?
Traditional MFA methods like SMS codes or push notifications can be compromised through social engineering, SIM swapping, or MFA fatigue attacks. Phishing-resistant MFA uses cryptographic proof of possession that binds each authentication to the specific device and to the website's origin, so an attacker cannot intercept and reuse the credential even if they trick the user into completing the sign-in on a look-alike site.
In Microsoft 365
Microsoft 365 supports phishing-resistant MFA through FIDO2 security keys, Windows Hello for Business, and certificate-based authentication. These methods can be enforced through Conditional Access authentication strength policies.
Examples
- YubiKey FIDO2 security key
- Windows Hello facial recognition
- Passkeys on mobile devices
- Smart card with certificate
Related TrueConfig Controls
These controls help implement and verify phishing-resistant MFA in your Microsoft 365 environment.
Related Terms
FIDO2
An open authentication standard that enables passwordless authentication using public key cryptography.
Passkey
A FIDO2 credential that can be synced across devices, enabling passwordless authentication without hardware tokens.
Windows Hello for Business
Microsoft enterprise credential that replaces passwords with strong two-factor authentication using biometrics or PIN.
Authentication Strength
Conditional Access feature that specifies which authentication methods are acceptable for a given access scenario.