M365 Security Review
Pralhad Chaskar
November 26, 2022
Technology
Presented at null Dubai Meet 26 Nov 2022 Monthly Meet
Transcript
M365 Security Review
# whoami
• Pralhad Chaskar
• Security Consultant with Help AG
• One of the Null Dubai Chapter Leads
• @c0d3xpl0it
# Agenda
• What is M365?
• Why do we need to audit M365?
• What permissions are needed to perform an M365 audit?
• Checks to be performed
• References
• Q n A
What is M365?
Why do we need to audit M365?
Permissions to perform Security Audit
Restrict Access to Azure Portal
Conditional Access Policy
Tenant Creation
Disable LinkedIn account connection
User App Registration
Sample Malicious App
Keep User Signed In
External Identities Collaboration settings
Sharepoint External Sharing
Sharepoint Sign-out users on inactivity
Disable External Sharing
Disable Third-Party Apps Access
Legacy Authentication in Use
Notification on Password Reset (for admins)
Custom Banned Passwords not used
MFA Status
• Disabled - the user has not been enrolled for MFA.
• Enabled - the user has been enrolled in MFA but has not completed the registration process.
• Enforced - the user has completed the MFA registration process.
Enabled Domain Users/Guest with MFA Status
MFA Status for Privileged Users
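An added example (not from the deck) of pulling those three per-user MFA states out of a tenant with the MSOnline PowerShell module, broken down by enabled members, guests and holders of any directory role; it assumes the module is installed and that Connect-MsolService has already been run.

```powershell
# Added example, not the deck's code: per-user MFA state report via MSOnline.
# Assumes: Import-Module MSOnline works and Connect-MsolService has been run.
Import-Module MSOnline

function Get-PerUserMfaState {
    param($User)
    # StrongAuthenticationRequirements is empty for users never enrolled in MFA,
    # which is the "Disabled" state on the slide.
    $req = $User.StrongAuthenticationRequirements
    if ($null -eq $req -or $req.Count -eq 0) { return 'Disabled' }
    return $req[0].State   # 'Enabled' (registration pending) or 'Enforced'
}

# Collect every user holding any directory role so admins can be flagged.
# For user members, EmailAddress carries the UPN.
$privileged = @{}
Get-MsolRole | ForEach-Object {
    Get-MsolRoleMember -RoleObjectId $_.ObjectId -All |
        Where-Object { $_.RoleMemberType -eq 'User' } |
        ForEach-Object { $privileged[$_.EmailAddress] = $true }
}

# Only accounts that can actually sign in (not blocked) matter for the check.
$report = Get-MsolUser -All | Where-Object { -not $_.BlockCredential } | ForEach-Object {
    [pscustomobject]@{
        UserPrincipalName = $_.UserPrincipalName
        UserType          = $_.UserType          # 'Member' or 'Guest'
        IsPrivileged      = $privileged.ContainsKey($_.UserPrincipalName)
        MfaState          = Get-PerUserMfaState -User $_
    }
}

# Finding 1: privileged accounts whose MFA is anything other than Enforced.
$report | Where-Object { $_.IsPrivileged -and $_.MfaState -ne 'Enforced' } |
    Format-Table UserPrincipalName, MfaState

# Finding 2: overall breakdown of members and guests by MFA state, plus a CSV for the report.
$report | Group-Object UserType, MfaState | Select-Object Name, Count | Format-Table
$report | Export-Csv -Path .\m365-mfa-status.csv -NoTypeInformation
```

MSOnline is a legacy module that Microsoft is retiring in favour of Microsoft Graph PowerShell, so treat this as a quick audit aid rather than a long-term tool.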
Disable SMS/Call to Phone 2FA
Disable unused Apps
Teams Permissions
Teams Sharing
MFA for joining devices
Company Branding on Sign-in Page
Enable Security Defaults
Identity Secure Score
Important URLs for Audit
• https://portal.azure.com/
• https://portal.office.com/adminportal/home
• https://security.microsoft.com/
• https://admin.microsoft.com/Adminportal/Home#/homepage
• https://admin.exchange.microsoft.com/#/
• https://outlook.office.com/ecp/
• https://admin.teams.microsoft.com/
• https://xxxxx-admin.sharepoint.com/
Elon got you covered
• http://msportals.io/
• https://cmd.ms/
Can I get a detailed checklist?
• https://www.altaro.com/ebook/m365-security-checklist.php
• https://pages.egnyte.com/rs/038-PTQ-391/images/White-paper-MS365-Security_Control_Checklist.pdf
• https://medium.com/falconforce/reducing-your-office365-attack-surface-1073a4d46a7b
• https://medium.com/falconforce/reducing-your-office-365-attack-surface-99830a654d0
Automated Solutions
• https://github.com/cisagov/ScubaGear
• https://github.com/soteria-security/365Inspect
How can we learn, or find a playground for, M365?