Upgrade to Pro — share decks privately, control downloads, hide ads and more …

M365 Security Review

Avatar for Pralhad Chaskar Pralhad Chaskar
November 26, 2022
Technology
0
380

M365 Security Review

Presented at null Dubai Meet 26 Nov 2022 Monthly Meet

Avatar for Pralhad Chaskar

Pralhad Chaskar

November 26, 2022
Tweet

More Decks by Pralhad Chaskar

See All by Pralhad Chaskar
RDP Hijacking
Avatar for Pralhad Chaskar c0d3xpl0it
0
420
AWS IAM Privilege Escalation Methods
Avatar for Pralhad Chaskar c0d3xpl0it
0
250
Pwning O365 Infrastructure
Avatar for Pralhad Chaskar c0d3xpl0it
0
590
AWS Security Assessment
Avatar for Pralhad Chaskar c0d3xpl0it
0
1.4k
Bloodhound 2.0
Avatar for Pralhad Chaskar c0d3xpl0it
0
180
Auditing ACLs on Active Directory
Avatar for Pralhad Chaskar c0d3xpl0it
0
180
Adversay Emulation using Caldera
Avatar for Pralhad Chaskar c0d3xpl0it
1
160
GPO Vs Applocker Restrictions
Avatar for Pralhad Chaskar c0d3xpl0it
0
660
Introduction Atomic Red Team Framework
Avatar for Pralhad Chaskar c0d3xpl0it
0
350

Other Decks in Technology

See All in Technology
2025新卒研修・HTML/CSS #弁護士ドットコム
Avatar for 弁護士ドットコム bengo4com
2
4.1k
ファインディにおける Dataform ブランチ戦略
Avatar for Noriaki Hiraki hiracky16
0
240
生成AIによる情報システムへのインパクト
Avatar for Takaaki Yayoi taka_aki
1
220
2025-07-25 NOT A HOTEL TECH TALK ━ スマートホーム開発の最前線 ━ SOFTWARE
Avatar for Yusuke Kuroiwa wakinchan
0
180
「AI駆動開発」のボトルネック『言語化』を効率化するには
Avatar for Tomohiro Tani taniiicom
1
230
AI人生苦節10年で会得したAIがやること_人間がやること.pdf
Avatar for shibuiwilliam shibuiwilliam
1
230
手動からの解放!!Strands Agents で実現する総合テスト自動化
Avatar for 井手亮太 ideaws
3
430
TypeScript 上達の道
Avatar for Kanon ysknsid25
23
5k
LLMでAI-OCR、実際どうなの? / llm_ai_ocr_layerx_bet_ai_day_lt
Avatar for sbrf248 sbrf248
0
380
【CEDEC2025】LLMを活用したゲーム開発支援と、生成AIの利活用を進める組織的な取り組み
Avatar for Cygames cygames
PRO
1
2k
【CEDEC2025】ブランド力アップのためのコンテンツマーケティング~ゲーム会社における情報資産の活かし方~
Avatar for Cygames cygames
PRO
0
160
反脆弱性(アンチフラジャイル)とデータ基盤構築
Avatar for CUEBiC Inc. cuebic9bic
2
120

Featured

See All Featured
The Invisible Side of Design
Avatar for Vitaly Friedman smashingmag
301
51k
Responsive Adventures: Dirty Tricks From The Dark Corners of Front-End
Avatar for Vitaly Friedman smashingmag
251
21k
The Art of Delivering Value - GDevCon NA Keynote
Avatar for David Neal reverentgeek
15
1.6k
Code Review Best Practice
Avatar for Trisha Gee trishagee
69
19k
Designing Experiences People Love
Avatar for Jonathan Moore moore
142
24k
Navigating Team Friction
Avatar for Lara Hogan lara
188
15k
Facilitating Awesome Meetings
Avatar for Lara Hogan lara
54
6.5k
Building a Scalable Design System with Sketch
Avatar for Laura Van Doore lauravandoore
462
33k
StorybookのUI Testing Handbookを読んだ
Avatar for Shingo Yamazaki zakiyama
30
5.9k
RailsConf & Balkan Ruby 2019: The Past, Present, and Future of Rails at GitHub
Avatar for Eileen M. Uchitelle eileencodes
139
34k
How To Stay Up To Date on Web Technology
Avatar for Chris Coyier chriscoyier
790
250k
ReactJS: Keep Simple. Everything can be a component!
Avatar for Pedro Nauck pedronauck
667
120k

Transcript

  1. M365 Security Review

  2. # whoami • Pralhad Chaskar • Security Consultant with Help

    AG • One of Null Dubai Chapter Lead • @c0d3xpl0it

  3. # Agenda • What is M365 ? • Why we

    need to audit M365 ? • What permissions needed to perform M365 audit ? • Checks to be performed • References • Q n A

  4. What is M365 ?

  5. Why we need to audit M365 ?

  6. Permissions to perform Security Audit

  7. Restrict Access to Azure Portal

  8. Conditional Access Policy

  9. Tenant Creation

  10. Disable LinkedIn account connection

  11. User App Registration

  12. Sample Malicious App

  13. Keep User Signed In

  14. External Identities Collaboration settings

  15. Sharepoint External Sharing

  16. Sharepoint Sign-out users on inactivity

  17. Disable External Sharing

  18. Disable External Sharing

  19. Disable External Sharing

  20. Disable Third-Party Apps Access

  21. Legacy Authentication in Use

  22. Notification on Password Reset (for admins)

  23. Custom Banned Passwords not used

  24. MFA Status Disabled - The user is marked Disabled when

    he has not been enrolled for MFA. Enabled - The user is marked Enabled when he has been enrolled in MFA but has not completed the registration process. Enforced - The user is marked Enforced when he has completed the MFA registration process.

  25. Enabled Domain Users/Guest with MFA Status

  26. MFA Status for Privileged Users

  27. Disable SMS/Call to Phone 2FA

  28. Disable unused Apps

  29. Teams Permissions

  30. Teams Sharing

  31. MFA for joining devices

  32. Company Branding on Sign-in Page

  33. Enable Security Defaults

  34. Identity Secure Score

  35. Important URLs for Audit • https://portal.azure.com/ • https://portal.office.com/adminportal/home • https://security.microsoft.com/

    • https://admin.microsoft.com/Adminportal/ Home#/homepage • https://admin.exchange.microsoft.com/#/ • https://outlook.office.com/ecp/ • https://admin.teams.microsoft.com/ • https://xxxxx-admin.sharepoint.com/

  36. Elon got you covered • http://msportals.io/ • https://cmd.ms/

  37. Can I get detailed checklist ? • https://www.altaro.com/ebook/m365-security-checklist.php • https://pages.egnyte.com/rs/038-PTQ-391/images/White-paper-MS365-

    Security_Control_Checklist.pdf • https://medium.com/falconforce/reducing-your-office365-attack- surface-1073a4d46a7b • https://medium.com/falconforce/reducing-your-office-365-attack- surface-99830a654d0

  38. Automated Solutions • https://github.com/cisagov/ScubaGear • https://github.com/soteria-security/365Inspect

  39. How can we learn or Playground for M365

  40. None