Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
M365 Security Review
Search
Pralhad Chaskar
November 26, 2022
Technology
420
0
Share
M365 Security Review
Presented at null Dubai Meet 26 Nov 2022 Monthly Meet
Pralhad Chaskar
November 26, 2022
More Decks by Pralhad Chaskar
See All by Pralhad Chaskar
RDP Hijacking
c0d3xpl0it
0
460
AWS IAM Privilege Escalation Methods
c0d3xpl0it
0
280
Pwning O365 Infrastructure
c0d3xpl0it
0
620
AWS Security Assessment
c0d3xpl0it
0
1.4k
Bloodhound 2.0
c0d3xpl0it
0
210
Auditing ACLs on Active Directory
c0d3xpl0it
0
220
Adversay Emulation using Caldera
c0d3xpl0it
1
180
GPO Vs Applocker Restrictions
c0d3xpl0it
0
710
Introduction Atomic Red Team Framework
c0d3xpl0it
0
390
Other Decks in Technology
See All in Technology
OPENLOGI Company Profile for engineer
hr01
1
62k
互換性のある(らしい)DBへの移行など考えるにあたってたいへんざっくり
sejima
PRO
0
520
制約を設計する - 非決定性との境界線 / Designing constraints
soudai
PRO
4
880
トイルを超えたCREは何屋になるのか
bengo4com
0
120
JAWS DAYS 2026でAIの「もやっと」感が解消された話
smt7174
1
120
推し活エージェント
yuntan_t
1
330
脳が溶けた話 / Melted Brain
keisuke69
1
1.2k
サイボウズ 開発本部採用ピッチ / Cybozu Engineer Recruit
cybozuinsideout
PRO
10
77k
Databricks Lakehouse Federationで 運用負荷ゼロのデータ連携
nek0128
0
110
Cursor Subagentsはいいぞ
yug1224
2
130
AWS DevOps Agent or Kiro の使いどころを考える_20260402
masakiokuda
0
140
Babylon.js Japan Activities (2026/4)
limes2018
0
140
Featured
See All Featured
Deep Space Network (abreviated)
tonyrice
0
100
Heart Work Chapter 1 - Part 1
lfama
PRO
5
35k
Chrome DevTools: State of the Union 2024 - Debugging React & Beyond
addyosmani
10
1.1k
Navigating Weather and Climate Data
rabernat
0
160
The Pragmatic Product Professional
lauravandoore
37
7.2k
Utilizing Notion as your number one productivity tool
mfonobong
4
280
Building Experiences: Design Systems, User Experience, and Full Site Editing
marktimemedia
0
470
Noah Learner - AI + Me: how we built a GSC Bulk Export data pipeline
techseoconnect
PRO
0
150
The World Runs on Bad Software
bkeepers
PRO
72
12k
Tell your own story through comics
letsgokoyo
1
880
世界の人気アプリ100個を分析して見えたペイウォール設計の心得
akihiro_kokubo
PRO
68
38k
The Cost Of JavaScript in 2023
addyosmani
55
9.8k
Transcript
M365 Security Review
# whoami • Pralhad Chaskar • Security Consultant with Help
AG • One of Null Dubai Chapter Lead • @c0d3xpl0it
# Agenda • What is M365 ? • Why we
need to audit M365 ? • What permissions needed to perform M365 audit ? • Checks to be performed • References • Q n A
What is M365 ?
Why we need to audit M365 ?
Permissions to perform Security Audit
Restrict Access to Azure Portal
Conditional Access Policy
Tenant Creation
Disable LinkedIn account connection
User App Registration
Sample Malicious App
Keep User Signed In
External Identities Collaboration settings
Sharepoint External Sharing
Sharepoint Sign-out users on inactivity
Disable External Sharing
Disable External Sharing
Disable External Sharing
Disable Third-Party Apps Access
Legacy Authentication in Use
Notification on Password Reset (for admins)
Custom Banned Passwords not used
MFA Status Disabled - The user is marked Disabled when
he has not been enrolled for MFA. Enabled - The user is marked Enabled when he has been enrolled in MFA but has not completed the registration process. Enforced - The user is marked Enforced when he has completed the MFA registration process.
Enabled Domain Users/Guest with MFA Status
MFA Status for Privileged Users
Disable SMS/Call to Phone 2FA
Disable unused Apps
Teams Permissions
Teams Sharing
MFA for joining devices
Company Branding on Sign-in Page
Enable Security Defaults
Identity Secure Score
Important URLs for Audit • https://portal.azure.com/ • https://portal.office.com/adminportal/home • https://security.microsoft.com/
• https://admin.microsoft.com/Adminportal/ Home#/homepage • https://admin.exchange.microsoft.com/#/ • https://outlook.office.com/ecp/ • https://admin.teams.microsoft.com/ • https://xxxxx-admin.sharepoint.com/
Elon got you covered • http://msportals.io/ • https://cmd.ms/
Can I get detailed checklist ? • https://www.altaro.com/ebook/m365-security-checklist.php • https://pages.egnyte.com/rs/038-PTQ-391/images/White-paper-MS365-
Security_Control_Checklist.pdf • https://medium.com/falconforce/reducing-your-office365-attack- surface-1073a4d46a7b • https://medium.com/falconforce/reducing-your-office-365-attack- surface-99830a654d0
Automated Solutions • https://github.com/cisagov/ScubaGear • https://github.com/soteria-security/365Inspect
How can we learn or Playground for M365
None
c0d3xpl0it
hr01
sejima
soudai
bengo4com
smt7174
yuntan_t
keisuke69
cybozuinsideout
nek0128
yug1224
masakiokuda
limes2018
tonyrice
lfama
addyosmani
rabernat
lauravandoore
mfonobong
marktimemedia
techseoconnect
bkeepers
letsgokoyo
akihiro_kokubo
