M365 Security Review
Pralhad Chaskar
November 26, 2022
Presented at the null Dubai Monthly Meet, 26 Nov 2022
Transcript
M365 Security Review
# whoami • Pralhad Chaskar • Security Consultant with Help AG • One of the Null Dubai chapter leads • @c0d3xpl0it
# Agenda • What is M365? • Why do we need to audit M365? • What permissions are needed to perform an M365 audit? • Checks to be performed • References • Q&A
What is M365?
Why do we need to audit M365?
Permissions to perform a security audit
Restrict Access to Azure Portal
Conditional Access Policy
Tenant Creation
Disable LinkedIn account connection
User App Registration
Sample Malicious App
Keep User Signed In
External Identities Collaboration settings
SharePoint External Sharing
SharePoint Sign-out users on inactivity
Disable External Sharing
Disable Third-Party Apps Access
Legacy Authentication in Use
Notification on Password Reset (for admins)
Custom Banned Passwords not used
MFA Status • Disabled: the user has not been enrolled in MFA. • Enabled: the user has been enrolled in MFA but has not completed the registration process. • Enforced: the user has completed the MFA registration process.
Enabled Domain Users/Guest with MFA Status
MFA Status for Privileged Users
Disable SMS/Call to Phone 2FA
Disable unused Apps
Teams Permissions
Teams Sharing
MFA for joining devices
Company Branding on Sign-in Page
Enable Security Defaults
Identity Secure Score
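The checks above are presented in the deck as admin-portal screenshots. The following PowerShell is an added example, not code from the deck, showing how a subset of them (security defaults / Conditional Access, tenant and app creation, guest invitations, user consent to third-party apps, MFA registration for all and for privileged users, phone-only MFA, legacy authentication sign-ins, SharePoint external sharing and idle sign-out, POP/IMAP on mailboxes) can be collected read-only from the command line. It assumes the Microsoft.Graph, Microsoft.Online.SharePoint.PowerShell and ExchangeOnlineManagement modules are installed, that the signed-in account holds a read-only role such as Global Reader, and that `$TenantName` is the tenant's SharePoint prefix (a placeholder); the `$findings` table and the pass/fail thresholds are this example's own choices, not the deck's.

```powershell
<#
  Added example (not from the deck): read-only collection of a subset of the
  M365 checks listed above. Assumes the Microsoft.Graph,
  Microsoft.Online.SharePoint.PowerShell and ExchangeOnlineManagement modules
  are installed and the signed-in account has a read-only role (Global Reader).
  $TenantName is a placeholder supplied by the operator.
#>
param(
    [Parameter(Mandatory)][string]$TenantName,   # "contoso" for contoso-admin.sharepoint.com
    [int]$SignInLookbackDays = 7                 # tenants without P1/P2 keep only 7 days of sign-in logs
)

$findings = [System.Collections.Generic.List[object]]::new()
function Add-Finding([string]$Check, [bool]$Pass, [string]$Detail) {
    $findings.Add([pscustomobject]@{
        Check  = $Check
        Result = $(if ($Pass) { 'PASS' } else { 'FAIL' })
        Detail = $Detail
    })
}

Connect-MgGraph -NoWelcome -Scopes 'Policy.Read.All', 'AuditLog.Read.All',
    'UserAuthenticationMethod.Read.All', 'Directory.Read.All'

# Enable Security Defaults / Conditional Access Policy: one of the two must be in force
$sd        = Get-MgPolicyIdentitySecurityDefaultEnforcementPolicy
$enabledCa = @(Get-MgIdentityConditionalAccessPolicy -All | Where-Object State -eq 'enabled')
Add-Finding 'Security Defaults or Conditional Access enforced' ($sd.IsEnabled -or $enabledCa.Count -gt 0) `
    "SecurityDefaults=$($sd.IsEnabled); enabled CA policies=$($enabledCa.Count)"

# Tenant Creation, User App Registration, External Identities, Third-Party Apps Access:
# all live on the tenant-wide authorization policy
$authz   = Get-MgPolicyAuthorizationPolicy
$perms   = $authz.DefaultUserRolePermissions
$consent = @($authz.PermissionGrantPolicyIdsAssignedToDefaultUserRole)
Add-Finding 'Users cannot create tenants'        (-not $perms.AllowedToCreateTenants) "allowedToCreateTenants=$($perms.AllowedToCreateTenants)"
Add-Finding 'Users cannot register applications' (-not $perms.AllowedToCreateApps)    "allowedToCreateApps=$($perms.AllowedToCreateApps)"
Add-Finding 'Guest invitations restricted to admins' ($authz.AllowInvitesFrom -in 'adminsAndGuestInviters', 'none') "allowInvitesFrom=$($authz.AllowInvitesFrom)"
Add-Finding 'Users cannot consent to third-party apps' ($consent -notcontains 'ManagePermissionGrantsForSelf.microsoft-user-default-legacy') "userConsentPolicies=$($consent -join ',')"

# MFA Status / MFA Status for Privileged Users / Disable SMS-Call 2FA.
# The registration report answers "which methods has the user registered";
# the Disabled/Enabled/Enforced states on the slide are the legacy per-user MFA model.
$reg          = Get-MgReportAuthenticationMethodUserRegistrationDetail -All
$phoneMethods = 'mobilePhone', 'alternateMobilePhone', 'officePhone'
$adminsNoMfa  = @($reg | Where-Object { $_.IsAdmin -and -not $_.IsMfaRegistered })
$usersNoMfa   = @($reg | Where-Object { -not $_.IsMfaRegistered })
$phoneOnly    = @(foreach ($u in $reg) {
    if (-not $u.IsMfaRegistered) { continue }
    $stronger = @($u.MethodsRegistered | Where-Object { $phoneMethods -notcontains $_ })
    if ($stronger.Count -eq 0) { $u }     # registered, but only SMS/voice methods
})
Add-Finding 'MFA registered by all privileged users' ($adminsNoMfa.Count -eq 0) ($adminsNoMfa.UserPrincipalName -join ', ')
Add-Finding 'MFA registered by all users'            ($usersNoMfa.Count -eq 0)  "$($usersNoMfa.Count) users not registered"
Add-Finding 'No user relies on SMS/voice alone'      ($phoneOnly.Count -eq 0)   "$($phoneOnly.Count) users with phone-only methods"

# Legacy Authentication in Use: anything other than browser/modern clients in the sign-in log.
# Filtered client-side; on a large tenant narrow the date window first.
$since  = (Get-Date).ToUniversalTime().AddDays(-$SignInLookbackDays).ToString('yyyy-MM-ddTHH:mm:ssZ')
$legacy = @(Get-MgAuditLogSignIn -Filter "createdDateTime ge $since" -All |
    Where-Object { $_.ClientAppUsed -notin 'Browser', 'Mobile Apps and Desktop clients' })
$byClient = ($legacy | Group-Object ClientAppUsed | ForEach-Object { "$($_.Name)=$($_.Count)" }) -join '; '
Add-Finding 'No legacy authentication sign-ins' ($legacy.Count -eq 0) $byClient

# SharePoint External Sharing / Sign-out users on inactivity
Connect-SPOService -Url "https://$TenantName-admin.sharepoint.com"
$spo  = Get-SPOTenant
$idle = Get-SPOBrowserIdleSignOut
Add-Finding 'SharePoint external sharing restricted' ($spo.SharingCapability -in 'Disabled', 'ExistingExternalUserSharingOnly') "SharingCapability=$($spo.SharingCapability)"
Add-Finding 'SharePoint idle-session sign-out enabled' $idle.Enabled "Enabled=$($idle.Enabled); SignOutAfter=$($idle.SignOutAfter)"

# Legacy protocols on the Exchange side: mailboxes that still allow POP or IMAP
Connect-ExchangeOnline -ShowBanner:$false
$legacyMbx = @(Get-CASMailbox -ResultSize Unlimited | Where-Object { $_.PopEnabled -or $_.ImapEnabled })
Add-Finding 'POP/IMAP disabled on all mailboxes' ($legacyMbx.Count -eq 0) "$($legacyMbx.Count) mailboxes with POP or IMAP enabled"

$findings | Format-Table -AutoSize
$findings | Export-Csv -Path ".\m365-review-$(Get-Date -Format yyyyMMdd).csv" -NoTypeInformation
```

Run it as `.\Review-M365.ps1 -TenantName contoso`; the three `Connect-*` calls each prompt interactively. Two caveats when reading the results: the "Security Defaults or Conditional Access" line only checks that something is enforced, not that the Conditional Access policies require MFA (open each policy for that), and a user who is MFA-registered in the report may still not be challenged if no policy or per-user setting applies to them.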
Important URLs for Audit • https://portal.azure.com/ • https://portal.office.com/adminportal/home • https://security.microsoft.com/ • https://admin.microsoft.com/Adminportal/Home#/homepage • https://admin.exchange.microsoft.com/#/ • https://outlook.office.com/ecp/ • https://admin.teams.microsoft.com/ • https://xxxxx-admin.sharepoint.com/
Elon got you covered • http://msportals.io/ • https://cmd.ms/
Can I get a detailed checklist? • https://www.altaro.com/ebook/m365-security-checklist.php • https://pages.egnyte.com/rs/038-PTQ-391/images/White-paper-MS365-Security_Control_Checklist.pdf • https://medium.com/falconforce/reducing-your-office365-attack-surface-1073a4d46a7b • https://medium.com/falconforce/reducing-your-office-365-attack-surface-99830a654d0
Automated Solutions • https://github.com/cisagov/ScubaGear • https://github.com/soteria-security/365Inspect
How can we learn? Playground for M365