Hello @Gaurang Patel
Microsoft Entra ID (formerly Azure AD) offers several features to defend against modern phishing threats like Mamba 2FA:
- Enforce Phishing-Resistant MFA
  The most effective mitigation is to enforce phishing-resistant MFA methods, which cannot be intercepted by adversary-in-the-middle attacks. Microsoft Entra ID supports several such methods:
  - FIDO2 Security Keys
  - Certificate-Based Authentication (CBA)
  - Windows Hello for Business
  - Device-bound passkeys (in supported authenticator apps)
  These methods are cryptographically tied to the device and the authentication service, making them immune to credential interception by phishing sites.
  how-to-plan-prerequisites-phishing-resistant-passwordless-authentication
  Reference on how to enable the above MFA methods:
  how-to-register-passkey-with-security-key
- Conditional Access Policies
  Entra ID enables organizations to create Conditional Access policies that:
  - Require phishing-resistant MFA for all or high-risk users.
  - Block or challenge sign-ins from unfamiliar or risky locations, devices, or IP addresses.
  - Restrict access to trusted devices or networks only.
  https://learn.microsoft.com/en-us/entra/id-protection/overview-identity-protection
- Identity Protection and Risk Detection
  Microsoft Entra ID Protection uses AI and machine learning to:
  - Continuously analyze sign-in behavior and detect risky sign-ins, such as those from anonymous IPs, unusual locations, or impossible travel scenarios.
  - Assign a risk level to each sign-in and user, automatically triggering remediation actions (e.g., requiring re-authentication, blocking access, or alerting administrators).
  https://learn.microsoft.com/en-us/entra/id-protection/overview-identity-protection
This approach prioritizes migrating users to phishing-resistant authentication methods and leverages Entra ID’s identity protection features to significantly reduce the risk of compromise. By implementing these measures, we can ensure a more secure and resilient authentication process for all users, safeguarding against potential threats and enhancing overall system security.
If the answer is helpful, please click "Accept Answer" and kindly "upvote it". If you have extra questions about this answer, please click "Comment".
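
As an added example that is not part of the original answer: a Python check that audits exported Conditional Access policies for gaps in the phishing-resistant MFA requirement described above. Field names follow the Microsoft Graph conditionalAccessPolicy resource and the GUID is the built-in "Phishing-resistant MFA" authentication strength; the sample policies, display names, group placeholder and finding codes are constructed for illustration.

```python
# Built-in "Phishing-resistant MFA" authentication strength ID in Microsoft Entra ID.
PHISHING_RESISTANT_ID = "00000000-0000-0000-0000-000000000004"

# Constructed sample, shaped like Microsoft Graph conditionalAccessPolicy objects.
# Display names and the group ID placeholder are made up for illustration.
SAMPLE_POLICIES = [
    {"displayName": "CA01 phishing-resistant MFA, all users", "state": "enabled",
     "conditions": {"users": {"includeUsers": ["All"],
                              "excludeGroups": ["<break-glass-group-id>"]}},
     "grantControls": {"operator": "OR", "builtInControls": [],
                       "authenticationStrength": {"id": PHISHING_RESISTANT_ID}}},
    {"displayName": "CA02 legacy MFA, all users", "state": "enabled",
     "conditions": {"users": {"includeUsers": ["All"]}},
     "grantControls": {"operator": "OR", "builtInControls": ["mfa"]}},
    {"displayName": "CA03 phishing-resistant MFA pilot",
     "state": "enabledForReportingButNotEnforced",
     "conditions": {"users": {"includeUsers": ["All"]}},
     "grantControls": {"operator": "OR", "builtInControls": ["compliantDevice"],
                       "authenticationStrength": {"id": PHISHING_RESISTANT_ID}}},
]

def audit_policy(policy):
    """Return finding codes for one policy; an empty list means nothing to fix."""
    findings = []
    grant = policy.get("grantControls") or {}
    strength = (grant.get("authenticationStrength") or {}).get("id")
    controls = grant.get("builtInControls") or []
    if strength != PHISHING_RESISTANT_ID:
        # Plain "mfa" accepts any registered method, including phishable ones.
        findings.append("ANY_MFA_ACCEPTED" if "mfa" in controls
                        else "NO_PHISHING_RESISTANT_STRENGTH")
    elif grant.get("operator") == "OR" and controls:
        # With OR, any other listed control satisfies the policy on its own.
        findings.append("OR_ALTERNATIVE_CONTROL")
    if policy.get("state") != "enabled":
        findings.append("NOT_ENFORCED")  # report-only or disabled
    users = (policy.get("conditions") or {}).get("users") or {}
    excluded = len(users.get("excludeUsers") or []) + len(users.get("excludeGroups") or [])
    if excluded:
        findings.append(f"REVIEW_{excluded}_EXCLUSIONS")
    return findings

def audit(policies):
    """Map each policy's displayName to its list of findings."""
    return {p["displayName"]: audit_policy(p) for p in policies}

if __name__ == "__main__":
    for name, findings in audit(SAMPLE_POLICIES).items():
        print(f"{name}: {', '.join(findings) or 'OK'}")
```
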