M365 Security Review
Presented at null Dubai Meet 26 Nov 2022 Monthly Meet
Pralhad Chaskar
November 26, 2022
Transcript
M365 Security Review
# whoami • Pralhad Chaskar • Security Consultant with Help AG • One of the Null Dubai Chapter Leads • @c0d3xpl0it
# Agenda • What is M365? • Why do we need to audit M365? • What permissions are needed to perform an M365 audit? • Checks to be performed • References • Q n A
What is M365?
Why do we need to audit M365?
Permissions to perform Security Audit
Restrict Access to Azure Portal
Conditional Access Policy
Tenant Creation
Disable LinkedIn account connection
User App Registration
Sample Malicious App
Keep User Signed In
External Identities Collaboration settings
SharePoint External Sharing
SharePoint: Sign out users on inactivity
Disable External Sharing
Disable Third-Party Apps Access
Legacy Authentication in Use
Notification on Password Reset (for admins)
Custom Banned Passwords not used
MFA Status: Disabled - the user is marked Disabled when they have not been enrolled for MFA. Enabled - the user is marked Enabled when they have been enrolled in MFA but have not completed the registration process. Enforced - the user is marked Enforced when they have completed the MFA registration process.
Enabled Domain Users/Guest with MFA Status
MFA Status for Privileged Users
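The three per-user MFA states above, together with the privileged-user check, as a review script added here (it is not part of the deck). It assumes the legacy MSOnline module, which Microsoft has deprecated in favour of Microsoft Graph PowerShell, an already authenticated session with read access to users and directory roles, and an output path chosen for illustration.

```powershell
# Added example (not from the deck): per-user MFA state review with the legacy MSOnline module.
# Assumes Connect-MsolService succeeds with an account that can read users and directory roles.
Import-Module MSOnline
Connect-MsolService

# Map the StrongAuthenticationRequirements collection to the three states the deck describes:
# no requirement at all = Disabled; otherwise State is 'Enabled' or 'Enforced'.
function Get-MfaState {
    param($User)
    $req = $User.StrongAuthenticationRequirements
    if (-not $req -or $req.Count -eq 0) { return 'Disabled' }   # never enrolled
    return $req[0].State                                        # 'Enabled' or 'Enforced'
}

# Object IDs of every user holding a directory role, so privileged accounts can be flagged.
# Only one role name is kept per user; the finding is the same regardless of which role.
$privileged = @{}
foreach ($role in Get-MsolRole) {
    foreach ($m in Get-MsolRoleMember -RoleObjectId $role.ObjectId -All) {
        if ($m.RoleMemberType -eq 'User') { $privileged[$m.ObjectId.ToString()] = $role.Name }
    }
}

$report = Get-MsolUser -All | ForEach-Object {
    [pscustomobject]@{
        UserPrincipalName = $_.UserPrincipalName
        UserType          = $_.UserType          # Member or Guest (guest rows map to the guest check)
        BlockedSignIn     = $_.BlockCredential   # blocked accounts are noise, not findings
        MfaState          = Get-MfaState $_
        PrivilegedRole    = $privileged[$_.ObjectId.ToString()]
    }
}

# Finding 1: any role holder whose MFA is not Enforced ("MFA Status for Privileged Users").
$report | Where-Object { $_.PrivilegedRole -and $_.MfaState -ne 'Enforced' } |
    Format-Table UserPrincipalName, PrivilegedRole, MfaState -AutoSize

# Finding 2: enabled members and guests with MFA still Disabled ("Enabled Domain Users/Guest with MFA Status").
$report | Where-Object { -not $_.BlockedSignIn -and $_.MfaState -eq 'Disabled' } |
    Export-Csv -Path .\m365-mfa-status.csv -NoTypeInformation   # output path is an assumption
```

Tenants using Security Defaults or Conditional Access to require MFA will show many users as Disabled here, because those policies do not set the per-user state; read the result alongside the Conditional Access and Security Defaults checks rather than on its own.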
Disable SMS/Call to Phone 2FA
Disable unused Apps
Teams Permissions
Teams Sharing
MFA for joining devices
Company Branding on Sign-in Page
Enable Security Defaults
Identity Secure Score
Important URLs for Audit • https://portal.azure.com/ • https://portal.office.com/adminportal/home • https://security.microsoft.com/ • https://admin.microsoft.com/Adminportal/Home#/homepage • https://admin.exchange.microsoft.com/#/ • https://outlook.office.com/ecp/ • https://admin.teams.microsoft.com/ • https://xxxxx-admin.sharepoint.com/
Elon got you covered • http://msportals.io/ • https://cmd.ms/
Can I get a detailed checklist? • https://www.altaro.com/ebook/m365-security-checklist.php • https://pages.egnyte.com/rs/038-PTQ-391/images/White-paper-MS365-Security_Control_Checklist.pdf • https://medium.com/falconforce/reducing-your-office365-attack-surface-1073a4d46a7b • https://medium.com/falconforce/reducing-your-office-365-attack-surface-99830a654d0
Automated Solutions • https://github.com/cisagov/ScubaGear • https://github.com/soteria-security/365Inspect
How can we learn M365, or where can we find a playground for it?