Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
M365 Security Review
Search
Sponsored
·
SiteGround - Reliable hosting with speed, security, and support you can count on.
→
Pralhad Chaskar
November 26, 2022
Technology
420
0
Share
M365 Security Review
Presented at null Dubai Meet 26 Nov 2022 Monthly Meet
Pralhad Chaskar
November 26, 2022
More Decks by Pralhad Chaskar
See All by Pralhad Chaskar
RDP Hijacking
c0d3xpl0it
0
460
AWS IAM Privilege Escalation Methods
c0d3xpl0it
0
280
Pwning O365 Infrastructure
c0d3xpl0it
0
620
AWS Security Assessment
c0d3xpl0it
0
1.4k
Bloodhound 2.0
c0d3xpl0it
0
210
Auditing ACLs on Active Directory
c0d3xpl0it
0
220
Adversay Emulation using Caldera
c0d3xpl0it
1
180
GPO Vs Applocker Restrictions
c0d3xpl0it
0
710
Introduction Atomic Red Team Framework
c0d3xpl0it
0
390
Other Decks in Technology
See All in Technology
ネットワーク運用を楽にするAWS DevOps Agent活用法!! / 20260421 Masaki Okuda
shift_evolve
PRO
2
210
エージェントスキルを作って自分のインプットに役立てよう
tsubakimoto_s
0
370
20年前の「OSS革命」に学ぶ AI時代の生存戦略
samakada
0
440
Amazon S3 Filesについて
yama3133
2
210
最近の技術系の話題で気になったもの色々(IoT系以外も) / IoTLT 花見予定会(たぶんBBQ) @都立潮風公園バーベキュー広場
you
PRO
1
240
ハーネスエンジニアリングの概要と設計思想
sergicalsix
9
5k
Choose your own adventure in agentic design patterns
glaforge
0
140
データを"持てない"環境でのアノテーション基盤設計
sansantech
PRO
1
120
AzureのIaC管理からログ調査まで、随所に役立つSkillsとCustom-Instructions / Boosting IaC and Log Analysis with Skills
aeonpeople
0
230
AI バイブコーティングでキーボード不要?!
samakada
0
580
Claude Code を安全に使おう勉強会 / Claude Code Security Basics
masahirokawahara
11
33k
ワールドカフェI /チューターを改良する / World Café I and Improving the Tutors
ks91
PRO
0
320
Featured
See All Featured
Rebuilding a faster, lazier Slack
samanthasiow
85
9.5k
Chasing Engaging Ingredients in Design
codingconduct
0
170
Done Done
chrislema
186
16k
How to audit for AI Accessibility on your Front & Back End
davetheseo
0
250
CSS Pre-Processors: Stylus, Less & Sass
bermonpainter
360
30k
Money Talks: Using Revenue to Get Sh*t Done
nikkihalliwell
0
200
Speed Design
sergeychernyshev
33
1.6k
The Art of Delivering Value - GDevCon NA Keynote
reverentgeek
16
1.9k
SEO in 2025: How to Prepare for the Future of Search
ipullrank
3
3.4k
Crafting Experiences
bethany
1
110
AI: The stuff that nobody shows you
jnunemaker
PRO
6
570
Keith and Marios Guide to Fast Websites
keithpitt
413
23k
Transcript
M365 Security Review
# whoami • Pralhad Chaskar • Security Consultant with Help
AG • One of Null Dubai Chapter Lead • @c0d3xpl0it
# Agenda • What is M365 ? • Why we
need to audit M365 ? • What permissions needed to perform M365 audit ? • Checks to be performed • References • Q n A
What is M365 ?
Why we need to audit M365 ?
Permissions to perform Security Audit
Restrict Access to Azure Portal
Conditional Access Policy
Tenant Creation
Disable LinkedIn account connection
User App Registration
Sample Malicious App
Keep User Signed In
External Identities Collaboration settings
Sharepoint External Sharing
Sharepoint Sign-out users on inactivity
Disable External Sharing
Disable External Sharing
Disable External Sharing
Disable Third-Party Apps Access
Legacy Authentication in Use
Notification on Password Reset (for admins)
Custom Banned Passwords not used
MFA Status Disabled - The user is marked Disabled when
he has not been enrolled for MFA. Enabled - The user is marked Enabled when he has been enrolled in MFA but has not completed the registration process. Enforced - The user is marked Enforced when he has completed the MFA registration process.
Enabled Domain Users/Guest with MFA Status
MFA Status for Privileged Users
Disable SMS/Call to Phone 2FA
Disable unused Apps
Teams Permissions
Teams Sharing
MFA for joining devices
Company Branding on Sign-in Page
Enable Security Defaults
Identity Secure Score
Important URLs for Audit • https://portal.azure.com/ • https://portal.office.com/adminportal/home • https://security.microsoft.com/
• https://admin.microsoft.com/Adminportal/ Home#/homepage • https://admin.exchange.microsoft.com/#/ • https://outlook.office.com/ecp/ • https://admin.teams.microsoft.com/ • https://xxxxx-admin.sharepoint.com/
Elon got you covered • http://msportals.io/ • https://cmd.ms/
Can I get detailed checklist ? • https://www.altaro.com/ebook/m365-security-checklist.php • https://pages.egnyte.com/rs/038-PTQ-391/images/White-paper-MS365-
Security_Control_Checklist.pdf • https://medium.com/falconforce/reducing-your-office365-attack- surface-1073a4d46a7b • https://medium.com/falconforce/reducing-your-office-365-attack- surface-99830a654d0
Automated Solutions • https://github.com/cisagov/ScubaGear • https://github.com/soteria-security/365Inspect
How can we learn or Playground for M365
None
SiteGround - Reliable hosting with speed, security, and support you can count on.
c0d3xpl0it
shift_evolve
tsubakimoto_s
samakada
yama3133
you
sergicalsix
glaforge
sansantech
aeonpeople
masahirokawahara
ks91
samanthasiow
codingconduct
chrislema
davetheseo
bermonpainter
nikkihalliwell
sergeychernyshev
reverentgeek
ipullrank
bethany
jnunemaker
keithpitt
