Upgrade to Pro — share decks privately, control downloads, hide ads and more …

M365 Security Review

Pralhad Chaskar
November 26, 2022
Technology
0
330

M365 Security Review

Presented at null Dubai Meet 26 Nov 2022 Monthly Meet

Pralhad Chaskar

November 26, 2022
Tweet

More Decks by Pralhad Chaskar

See All by Pralhad Chaskar
RDP Hijacking
c0d3xpl0it
0
390
AWS IAM Privilege Escalation Methods
c0d3xpl0it
0
230
Pwning O365 Infrastructure
c0d3xpl0it
0
560
AWS Security Assessment
c0d3xpl0it
0
1.3k
Bloodhound 2.0
c0d3xpl0it
0
170
Auditing ACLs on Active Directory
c0d3xpl0it
0
150
Adversay Emulation using Caldera
c0d3xpl0it
1
130
GPO Vs Applocker Restrictions
c0d3xpl0it
0
620
Introduction Atomic Red Team Framework
c0d3xpl0it
0
320

Other Decks in Technology

See All in Technology
オプトインカメラ:UWB測位を応用したオプトイン型のカメラ計測
matthewlujp
0
170
re:Invent 2024 Innovation Talks(NET201)で語られた大切なこと
shotashiratori
0
310
10分で学ぶKubernetesコンテナセキュリティ/10min-k8s-container-sec
mochizuki875
3
330
開発生産性向上! 育成を「改善」と捉えるエンジニア育成戦略
shoota
2
350
サイバー攻撃を想定したセキュリティガイドライン 策定とASM及びCNAPPの活用方法
syoshie
3
1.3k
大幅アップデートされたRagas v0.2をキャッチアップ
os1ma
2
530
あの日俺達が夢見たサーバレスアーキテクチャ/the-serverless-architecture-we-dreamed-of
tomoki10
0
460
Fanstaの1年を大解剖! 一人SREはどこまでできるのか!?
syossan27
2
170
多領域インシデントマネジメントへの挑戦:ハードウェアとソフトウェアの融合が生む課題/Challenge to multidisciplinary incident management: Issues created by the fusion of hardware and software
bitkey
PRO
2
100
ブラックフライデーで購入したPixel9で、Gemini Nanoを動かしてみた
marchin1989
1
530
Wantedly での Datadog 活用事例
bgpat
1
440
How to be an AWS Community Builder | 君もAWS Community Builderになろう!〜2024 冬 CB募集直前対策編?!〜
coosuke
PRO
2
2.8k

Featured

See All Featured
Reflections from 52 weeks, 52 projects
jeffersonlam
347
20k
Designing Experiences People Love
moore
138
23k
Adopting Sorbet at Scale
ufuk
73
9.1k
StorybookのUI Testing Handbookを読んだ
zakiyama
27
5.3k
Evolution of real-time – Irina Nazarova, EuRuKo, 2024
irinanazarova
5
450
How to Create Impact in a Changing Tech Landscape [PerfNow 2023]
tammyeverts
48
2.2k
Designing on Purpose - Digital PM Summit 2013
jponch
116
7k
実際に使うSQLの書き方 徹底解説 / pgcon21j-tutorial
soudai
169
50k
Designing for humans not robots
tammielis
250
25k
[Rails World 2023 - Day 1 Closing Keynote] - The Magic of Rails
eileencodes
33
1.9k
How to train your dragon (web standard)
notwaldorf
88
5.7k
Save Time (by Creating Custom Rails Generators)
garrettdimon
PRO
28
900

Transcript

  1. M365 Security Review

  2. # whoami • Pralhad Chaskar • Security Consultant with Help

    AG • One of Null Dubai Chapter Lead • @c0d3xpl0it

  3. # Agenda • What is M365 ? • Why we

    need to audit M365 ? • What permissions needed to perform M365 audit ? • Checks to be performed • References • Q n A

  4. What is M365 ?

  5. Why we need to audit M365 ?

  6. Permissions to perform Security Audit

  7. Restrict Access to Azure Portal

  8. Conditional Access Policy

  9. Tenant Creation

  10. Disable LinkedIn account connection

  11. User App Registration

  12. Sample Malicious App

  13. Keep User Signed In

  14. External Identities Collaboration settings

  15. Sharepoint External Sharing

  16. Sharepoint Sign-out users on inactivity

  17. Disable External Sharing

  18. Disable External Sharing

  19. Disable External Sharing

  20. Disable Third-Party Apps Access

  21. Legacy Authentication in Use

  22. Notification on Password Reset (for admins)

  23. Custom Banned Passwords not used

  24. MFA Status Disabled - The user is marked Disabled when

    he has not been enrolled for MFA. Enabled - The user is marked Enabled when he has been enrolled in MFA but has not completed the registration process. Enforced - The user is marked Enforced when he has completed the MFA registration process.

  25. Enabled Domain Users/Guest with MFA Status

  26. MFA Status for Privileged Users

  27. Disable SMS/Call to Phone 2FA

  28. Disable unused Apps

  29. Teams Permissions

  30. Teams Sharing

  31. MFA for joining devices

  32. Company Branding on Sign-in Page

  33. Enable Security Defaults

  34. Identity Secure Score

  35. Important URLs for Audit • https://portal.azure.com/ • https://portal.office.com/adminportal/home • https://security.microsoft.com/

    • https://admin.microsoft.com/Adminportal/ Home#/homepage • https://admin.exchange.microsoft.com/#/ • https://outlook.office.com/ecp/ • https://admin.teams.microsoft.com/ • https://xxxxx-admin.sharepoint.com/

  36. Elon got you covered • http://msportals.io/ • https://cmd.ms/

  37. Can I get detailed checklist ? • https://www.altaro.com/ebook/m365-security-checklist.php • https://pages.egnyte.com/rs/038-PTQ-391/images/White-paper-MS365-

    Security_Control_Checklist.pdf • https://medium.com/falconforce/reducing-your-office365-attack- surface-1073a4d46a7b • https://medium.com/falconforce/reducing-your-office-365-attack- surface-99830a654d0

  38. Automated Solutions • https://github.com/cisagov/ScubaGear • https://github.com/soteria-security/365Inspect

  39. How can we learn or Playground for M365

  40. None