Phishing-resistant MFA SHALL be enforced for all users.
Why This Matters
Phishing attacks remain one of the most common and effective ways for attackers to compromise user credentials. Standard multi-factor authentication methods, such as SMS or one-time codes, can be bypassed in real time through man-in-the-middle attacks. Enforcing phishing-resistant MFA, such as FIDO2 security keys or Windows Hello for Business, ensures that authentication is bound to the device and can't be intercepted.
What Aether365 Checks
Aether365 verifies that phishing-resistant MFA is enforced for all users in your Microsoft Entra ID (formerly Azure AD) tenant. This check appears in your Aether365 dashboard under the Entra ID checks section, aligned with the CIS framework.
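To review the same requirement by hand, the added example below (not Aether365's own logic) evaluates Conditional Access policies exported as Microsoft Graph `conditionalAccessPolicy` JSON and lists why each one falls short. The sample policies are constructed, the custom strength ID is a placeholder, and treating every exclusion as a gap is an assumption that reads "all users" strictly.

```python
import copy

# Authentication method modes Entra ID classes as phishing-resistant.
PHISHING_RESISTANT = {"windowsHelloForBusiness", "fido2", "x509CertificateMultiFactor"}
# ID of the built-in "Phishing-resistant MFA" authentication strength.
BUILTIN_STRENGTH_ID = "00000000-0000-0000-0000-000000000004"

def policy_gaps(policy):
    """Return reasons a policy fails to enforce phishing-resistant MFA for all users."""
    gaps = []
    users = (policy.get("conditions") or {}).get("users") or {}
    apps = (policy.get("conditions") or {}).get("applications") or {}
    grant = policy.get("grantControls") or {}
    strength = grant.get("authenticationStrength") or {}
    if policy.get("state") != "enabled":
        gaps.append("policy is not enabled (report-only or disabled)")
    if "All" not in (users.get("includeUsers") or []):
        gaps.append("does not include all users")
    for key in ("excludeUsers", "excludeGroups", "excludeRoles"):
        if users.get(key):  # assumption: any exclusion is flagged for review
            gaps.append(f"{key} exempts {len(users[key])} principal(s)")
    if "All" not in (apps.get("includeApplications") or []):
        gaps.append("does not cover all applications")
    combos = set(strength.get("allowedCombinations") or [])
    if strength.get("id") != BUILTIN_STRENGTH_ID and not (combos and combos <= PHISHING_RESISTANT):
        gaps.append("authentication strength allows phishable methods")
    if grant.get("operator") == "OR" and grant.get("builtInControls"):
        gaps.append("OR operator lets another control satisfy the policy")
    return gaps

def tenant_compliant(policies):
    """True when at least one policy enforces the requirement with no gaps."""
    return any(not policy_gaps(p) for p in policies)

# Constructed sample policies (not taken from any real tenant).
GOOD = {"displayName": "Require phishing-resistant MFA", "state": "enabled",
        "conditions": {"users": {"includeUsers": ["All"]},
                       "applications": {"includeApplications": ["All"]}},
        "grantControls": {"operator": "OR", "builtInControls": [],
                          "authenticationStrength": {"id": BUILTIN_STRENGTH_ID}}}
REPORT_ONLY = copy.deepcopy(GOOD)
REPORT_ONLY["state"] = "enabledForReportingButNotEnforced"
EXCLUDED = copy.deepcopy(GOOD)
EXCLUDED["conditions"]["users"]["excludeGroups"] = ["constructed-group-id"]
WEAK = copy.deepcopy(GOOD)
WEAK["grantControls"]["authenticationStrength"] = {
    "id": "constructed-custom-strength", "allowedCombinations": ["fido2", "password,sms"]}

if __name__ == "__main__":
    for p in (GOOD, REPORT_ONLY, EXCLUDED, WEAK):
        print(p["state"], policy_gaps(p) or "no gaps")
```

A report-only policy, an exclusion group, or a custom strength that still permits `password,sms` each leave the tenant short of the requirement even though a policy with the right name exists.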