Upgrade to Pro — share decks privately, control downloads, hide ads and more …

M365 Security Review

Pralhad Chaskar
November 26, 2022
Technology
0
150

M365 Security Review

Presented at null Dubai Meet 26 Nov 2022 Monthly Meet

Pralhad Chaskar

November 26, 2022
Tweet

More Decks by Pralhad Chaskar

See All by Pralhad Chaskar
RDP Hijacking
c0d3xpl0it
0
330
AWS IAM Privilege Escalation Methods
c0d3xpl0it
0
190
Pwning O365 Infrastructure
c0d3xpl0it
0
420
AWS Security Assessment
c0d3xpl0it
0
1.2k
Bloodhound 2.0
c0d3xpl0it
0
140
Auditing ACLs on Active Directory
c0d3xpl0it
0
120
Adversay Emulation using Caldera
c0d3xpl0it
1
100
GPO Vs Applocker Restrictions
c0d3xpl0it
0
480
Introduction Atomic Red Team Framework
c0d3xpl0it
0
260

Other Decks in Technology

See All in Technology
OCI技術資料 : ロード・バランサー 詳細 / Load Balancer 200
ocise
2
7.2k
03_ユーザビリティテスト
kouzoukaikaku
0
500
「一通りできるようになった」その先の話
hitomi___kt
0
120
02_プロトタイピングの進め方
kouzoukaikaku
0
520
AI Services 概要 / AI Services overview
oracle4engineer
PRO
0
170
IoTを始めたきっかけの話と個人でできるIoTの今後 / 新年LT会「私の愛するIoT 2023」
you
0
230
スクラム導入して変わったチーム、組織のありかた
yumechi
0
190
re:Invent2022 前後の Amazon EventBridge のアップデートを踏まえつつ、情シスの仕事をより楽しくしたい話。 / EventBridge for Information Systems Department
_kensh
2
740
API連携に伴う規制と対応 / Regulations and responses to API linkage
moneyforward
0
160
Pentesting Password Reset Functionality
anugrahsr
0
470
IoT から見る AWS re:invent 2022 ― AWSのIoTの歴史を添えて/Point of view the AWS re:invent 2022 with IoT - with a history of IoT in AWS
ma2shita
0
270
立ち止まっても、寄り道しても / even if I stop, even if I take a detour
katoaz
0
630

Featured

See All Featured
Easily Structure & Communicate Ideas using Wireframe
afnizarnur
182
15k
Code Reviewing Like a Champion
maltzj
508
38k
Fight the Zombie Pattern Library - RWD Summit 2016
marcelosomers
227
16k
Art Directing for the Web. Five minutes with CSS Template Areas
malarkey
196
9.8k
Documentation Writing (for coders)
carmenintech
51
2.9k
Producing Creativity
orderedlist
PRO
335
38k
KATA
mclloyd
12
9.7k
Atom: Resistance is Futile
akmur
256
24k
Embracing the Ebb and Flow
colly
75
3.6k
RailsConf & Balkan Ruby 2019: The Past, Present, and Future of Rails at GitHub
eileencodes
120
29k
Understanding Cognitive Biases in Performance Measurement
bluesmoon
2
400
GitHub's CSS Performance
jonrohan
1020
430k

Transcript

  1. M365 Security Review

  2. # whoami • Pralhad Chaskar • Security Consultant with Help

    AG • One of Null Dubai Chapter Lead • @c0d3xpl0it

  3. # Agenda • What is M365 ? • Why we

    need to audit M365 ? • What permissions needed to perform M365 audit ? • Checks to be performed • References • Q n A

  4. What is M365 ?

  5. Why we need to audit M365 ?

  6. Permissions to perform Security Audit

  7. Restrict Access to Azure Portal

  8. Conditional Access Policy

  9. Tenant Creation

  10. Disable LinkedIn account connection

  11. User App Registration

  12. Sample Malicious App

  13. Keep User Signed In

  14. External Identities Collaboration settings

  15. Sharepoint External Sharing

  16. Sharepoint Sign-out users on inactivity

  17. Disable External Sharing

  18. Disable External Sharing

  19. Disable External Sharing

  20. Disable Third-Party Apps Access

  21. Legacy Authentication in Use

  22. Notification on Password Reset (for admins)

  23. Custom Banned Passwords not used

  24. MFA Status Disabled - The user is marked Disabled when

    he has not been enrolled for MFA. Enabled - The user is marked Enabled when he has been enrolled in MFA but has not completed the registration process. Enforced - The user is marked Enforced when he has completed the MFA registration process.

  25. Enabled Domain Users/Guest with MFA Status

  26. MFA Status for Privileged Users

  27. Disable SMS/Call to Phone 2FA

  28. Disable unused Apps

  29. Teams Permissions

  30. Teams Sharing

  31. MFA for joining devices

  32. Company Branding on Sign-in Page

  33. Enable Security Defaults

  34. Identity Secure Score

  35. Important URLs for Audit • https://portal.azure.com/ • https://portal.office.com/adminportal/home • https://security.microsoft.com/

    • https://admin.microsoft.com/Adminportal/ Home#/homepage • https://admin.exchange.microsoft.com/#/ • https://outlook.office.com/ecp/ • https://admin.teams.microsoft.com/ • https://xxxxx-admin.sharepoint.com/

  36. Elon got you covered • http://msportals.io/ • https://cmd.ms/

  37. Can I get detailed checklist ? • https://www.altaro.com/ebook/m365-security-checklist.php • https://pages.egnyte.com/rs/038-PTQ-391/images/White-paper-MS365-

    Security_Control_Checklist.pdf • https://medium.com/falconforce/reducing-your-office365-attack- surface-1073a4d46a7b • https://medium.com/falconforce/reducing-your-office-365-attack- surface-99830a654d0

  38. Automated Solutions • https://github.com/cisagov/ScubaGear • https://github.com/soteria-security/365Inspect

  39. How can we learn or Playground for M365

  40. None