Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
M365 Security Review
Search
Sponsored
·
SiteGround - Reliable hosting with speed, security, and support you can count on.
→
Pralhad Chaskar
November 26, 2022
Technology
0
410
M365 Security Review
Presented at null Dubai Meet 26 Nov 2022 Monthly Meet
Pralhad Chaskar
November 26, 2022
Tweet
Share
More Decks by Pralhad Chaskar
See All by Pralhad Chaskar
RDP Hijacking
c0d3xpl0it
0
460
AWS IAM Privilege Escalation Methods
c0d3xpl0it
0
270
Pwning O365 Infrastructure
c0d3xpl0it
0
620
AWS Security Assessment
c0d3xpl0it
0
1.4k
Bloodhound 2.0
c0d3xpl0it
0
210
Auditing ACLs on Active Directory
c0d3xpl0it
0
210
Adversay Emulation using Caldera
c0d3xpl0it
1
180
GPO Vs Applocker Restrictions
c0d3xpl0it
0
700
Introduction Atomic Red Team Framework
c0d3xpl0it
0
390
Other Decks in Technology
See All in Technology
モブプログラミング再入門 ー 基本から見直す、AI時代のチーム開発の選択肢 ー / A Re-introduction of Mob Programming
takaking22
5
1.5k
マルチアカウント環境でSecurity Hubの運用!導入の苦労とポイント / JAWS DAYS 2026
genda
0
670
わたしがセキュアにAWSを使えるわけないじゃん、ムリムリ!(※ムリじゃなかった!?)
cmusudakeisuke
1
730
複数クラスタ運用と検索の高度化:ビズリーチにおけるElastic活用事例 / ElasticON Tokyo2026
visional_engineering_and_design
0
160
vLLM Community Meetup Tokyo #3 オープニングトーク
jpishikawa
0
350
Agent ServerはWeb Serverではない。ADKで考えるAgentOps
akiratameto
0
100
AWSの資格って役に立つの?
tk3fftk
2
340
AWS DevOps Agent vs SRE俺 / AWS DevOps Agent vs me, the SRE
sms_tech
3
800
楽しく学ぼう!コミュニティ入門 AWSと人が つむいできたストーリー
hiroramos4
PRO
1
200
It’s “Time” to use Temporal
sajikix
1
140
Claude Codeが爆速進化してプラグイン追従がつらいので半自動化した話 ver.2
rfdnxbro
0
530
Shifting from MCP to Skills / ベストプラクティスの変遷を辿る
yamanoku
4
850
Featured
See All Featured
Joys of Absence: A Defence of Solitary Play
codingconduct
1
310
SEO for Brand Visibility & Recognition
aleyda
0
4.4k
Stewardship and Sustainability of Urban and Community Forests
pwiseman
0
140
Avoiding the “Bad Training, Faster” Trap in the Age of AI
tmiket
0
100
The Web Performance Landscape in 2024 [PerfNow 2024]
tammyeverts
12
1.1k
<Decoding/> the Language of Devs - We Love SEO 2024
nikkihalliwell
1
150
The Organizational Zoo: Understanding Human Behavior Agility Through Metaphoric Constructive Conversations (based on the works of Arthur Shelley, Ph.D)
kimpetersen
PRO
0
270
Claude Code どこまでも/ Claude Code Everywhere
nwiizo
64
53k
Self-Hosted WebAssembly Runtime for Runtime-Neutral Checkpoint/Restore in Edge–Cloud Continuum
chikuwait
0
390
30 Presentation Tips
portentint
PRO
1
250
HU Berlin: Industrial-Strength Natural Language Processing with spaCy and Prodigy
inesmontani
PRO
0
260
ReactJS: Keep Simple. Everything can be a component!
pedronauck
666
130k
Transcript
M365 Security Review
# whoami • Pralhad Chaskar • Security Consultant with Help
AG • One of Null Dubai Chapter Lead • @c0d3xpl0it
# Agenda • What is M365 ? • Why we
need to audit M365 ? • What permissions needed to perform M365 audit ? • Checks to be performed • References • Q n A
What is M365 ?
Why we need to audit M365 ?
Permissions to perform Security Audit
Restrict Access to Azure Portal
Conditional Access Policy
Tenant Creation
Disable LinkedIn account connection
User App Registration
Sample Malicious App
Keep User Signed In
External Identities Collaboration settings
Sharepoint External Sharing
Sharepoint Sign-out users on inactivity
Disable External Sharing
Disable External Sharing
Disable External Sharing
Disable Third-Party Apps Access
Legacy Authentication in Use
Notification on Password Reset (for admins)
Custom Banned Passwords not used
MFA Status Disabled - The user is marked Disabled when
he has not been enrolled for MFA. Enabled - The user is marked Enabled when he has been enrolled in MFA but has not completed the registration process. Enforced - The user is marked Enforced when he has completed the MFA registration process.
Enabled Domain Users/Guest with MFA Status
MFA Status for Privileged Users
Disable SMS/Call to Phone 2FA
Disable unused Apps
Teams Permissions
Teams Sharing
MFA for joining devices
Company Branding on Sign-in Page
Enable Security Defaults
Identity Secure Score
Important URLs for Audit • https://portal.azure.com/ • https://portal.office.com/adminportal/home • https://security.microsoft.com/
• https://admin.microsoft.com/Adminportal/ Home#/homepage • https://admin.exchange.microsoft.com/#/ • https://outlook.office.com/ecp/ • https://admin.teams.microsoft.com/ • https://xxxxx-admin.sharepoint.com/
Elon got you covered • http://msportals.io/ • https://cmd.ms/
Can I get detailed checklist ? • https://www.altaro.com/ebook/m365-security-checklist.php • https://pages.egnyte.com/rs/038-PTQ-391/images/White-paper-MS365-
Security_Control_Checklist.pdf • https://medium.com/falconforce/reducing-your-office365-attack- surface-1073a4d46a7b • https://medium.com/falconforce/reducing-your-office-365-attack- surface-99830a654d0
Automated Solutions • https://github.com/cisagov/ScubaGear • https://github.com/soteria-security/365Inspect
How can we learn or Playground for M365
None
SiteGround - Reliable hosting with speed, security, and support you can count on.
c0d3xpl0it
takaking22
genda
cmusudakeisuke
visional_engineering_and_design
jpishikawa
akiratameto
tk3fftk
sms_tech
hiroramos4
sajikix
rfdnxbro
yamanoku
codingconduct
aleyda
pwiseman
tmiket
tammyeverts
nikkihalliwell
kimpetersen
nwiizo
chikuwait
portentint
inesmontani
pedronauck
