Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
M365 Security Review
Search
Pralhad Chaskar
November 26, 2022
Technology
0
280
M365 Security Review
Presented at null Dubai Meet 26 Nov 2022 Monthly Meet
Pralhad Chaskar
November 26, 2022
Tweet
Share
More Decks by Pralhad Chaskar
See All by Pralhad Chaskar
RDP Hijacking
c0d3xpl0it
0
360
AWS IAM Privilege Escalation Methods
c0d3xpl0it
0
210
Pwning O365 Infrastructure
c0d3xpl0it
0
520
AWS Security Assessment
c0d3xpl0it
0
1.3k
Bloodhound 2.0
c0d3xpl0it
0
150
Auditing ACLs on Active Directory
c0d3xpl0it
0
140
Adversay Emulation using Caldera
c0d3xpl0it
1
130
GPO Vs Applocker Restrictions
c0d3xpl0it
0
550
Introduction Atomic Red Team Framework
c0d3xpl0it
0
310
Other Decks in Technology
See All in Technology
Delivering Millions of Messages within seconds @ Duolingo
pelelgrino
0
350
20240418_Google ColabにLLMが搭載されたようなのでPython x データ分析の勉強方法を考えてみる
doradora09
0
140
地理空間データ可視化・解析・活用ソリューション Pacific Spatial Solutions (PSS)
pacificspatialsolutions
0
300
MLOpsの「壁」を乗り越える、LINEヤフーの Data Quality as Code
lycorptech_jp
PRO
5
540
生成AIの変革の時代に、直近1年で直面した課題とその解決策
ktc_wada
0
360
Cloud Native Java with Spring Boot (CNCF Aarhus, April 2024)
thomasvitale
1
180
R3のコードから見る実践LINQ実装最適化・コンカレントプログラミング実例
neuecc
2
260
Cracking the KubeCon CfP
inductor
2
250
「スニダン」開発組織の構造に込めた意図 ~組織作りはパッションや政治ではない!~
rinchsan
3
570
複雑な構成要素を持つUIとの向き合い方 〜新・支出グラフでの実例〜 / B43 TECH TALK
nakamuuu
0
140
web-application-security
matsuihidetoshi
0
170
Terraformあれやこれ/terraform-this-and-that
emiki
8
1.5k
Featured
See All Featured
The World Runs on Bad Software
bkeepers
PRO
61
6.7k
Art, The Web, and Tiny UX
lynnandtonic
289
19k
Raft: Consensus for Rubyists
vanstee
132
6.3k
Intergalactic Javascript Robots from Outer Space
tanoku
266
26k
Agile that works and the tools we love
rasmusluckow
325
20k
[RailsConf 2023 Opening Keynote] The Magic of Rails
eileencodes
9
8.3k
StorybookのUI Testing Handbookを読んだ
zakiyama
13
4.6k
How to name files
jennybc
65
93k
Code Review Best Practice
trishagee
55
15k
Responsive Adventures: Dirty Tricks From The Dark Corners of Front-End
smashingmag
244
20k
Bootstrapping a Software Product
garrettdimon
PRO
302
110k
Building Your Own Lightsaber
phodgson
99
5.7k
Transcript
M365 Security Review
# whoami • Pralhad Chaskar • Security Consultant with Help
AG • One of Null Dubai Chapter Lead • @c0d3xpl0it
# Agenda • What is M365 ? • Why we
need to audit M365 ? • What permissions needed to perform M365 audit ? • Checks to be performed • References • Q n A
What is M365 ?
Why we need to audit M365 ?
Permissions to perform Security Audit
Restrict Access to Azure Portal
Conditional Access Policy
Tenant Creation
Disable LinkedIn account connection
User App Registration
Sample Malicious App
Keep User Signed In
External Identities Collaboration settings
Sharepoint External Sharing
Sharepoint Sign-out users on inactivity
Disable External Sharing
Disable External Sharing
Disable External Sharing
Disable Third-Party Apps Access
Legacy Authentication in Use
Notification on Password Reset (for admins)
Custom Banned Passwords not used
MFA Status Disabled - The user is marked Disabled when
he has not been enrolled for MFA. Enabled - The user is marked Enabled when he has been enrolled in MFA but has not completed the registration process. Enforced - The user is marked Enforced when he has completed the MFA registration process.
Enabled Domain Users/Guest with MFA Status
MFA Status for Privileged Users
Disable SMS/Call to Phone 2FA
Disable unused Apps
Teams Permissions
Teams Sharing
MFA for joining devices
Company Branding on Sign-in Page
Enable Security Defaults
Identity Secure Score
Important URLs for Audit • https://portal.azure.com/ • https://portal.office.com/adminportal/home • https://security.microsoft.com/
• https://admin.microsoft.com/Adminportal/ Home#/homepage • https://admin.exchange.microsoft.com/#/ • https://outlook.office.com/ecp/ • https://admin.teams.microsoft.com/ • https://xxxxx-admin.sharepoint.com/
Elon got you covered • http://msportals.io/ • https://cmd.ms/
Can I get detailed checklist ? • https://www.altaro.com/ebook/m365-security-checklist.php • https://pages.egnyte.com/rs/038-PTQ-391/images/White-paper-MS365-
Security_Control_Checklist.pdf • https://medium.com/falconforce/reducing-your-office365-attack- surface-1073a4d46a7b • https://medium.com/falconforce/reducing-your-office-365-attack- surface-99830a654d0
Automated Solutions • https://github.com/cisagov/ScubaGear • https://github.com/soteria-security/365Inspect
How can we learn or Playground for M365
None