Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
M365 Security Review
Search
Pralhad Chaskar
November 26, 2022
Technology
0
380
M365 Security Review
Presented at null Dubai Meet 26 Nov 2022 Monthly Meet
Pralhad Chaskar
November 26, 2022
Tweet
Share
More Decks by Pralhad Chaskar
See All by Pralhad Chaskar
RDP Hijacking
c0d3xpl0it
0
430
AWS IAM Privilege Escalation Methods
c0d3xpl0it
0
250
Pwning O365 Infrastructure
c0d3xpl0it
0
600
AWS Security Assessment
c0d3xpl0it
0
1.4k
Bloodhound 2.0
c0d3xpl0it
0
190
Auditing ACLs on Active Directory
c0d3xpl0it
0
180
Adversay Emulation using Caldera
c0d3xpl0it
1
160
GPO Vs Applocker Restrictions
c0d3xpl0it
0
670
Introduction Atomic Red Team Framework
c0d3xpl0it
0
360
Other Decks in Technology
See All in Technology
「何となくテストする」を卒業するためにプロダクトが動く仕組みを理解しよう
kawabeaver
0
410
allow_retry と Arel.sql / allow_retry and Arel.sql
euglena1215
1
170
RSCの時代にReactとフレームワークの境界を探る
uhyo
10
3.4k
Generative AI Japan 第一回生成AI実践研究会「AI駆動開発の現在地──ブレイクスルーの鍵を握るのはデータ領域」
shisyu_gaku
0
170
Autonomous Database - Dedicated 技術詳細 / adb-d_technical_detail_jp
oracle4engineer
PRO
4
10k
要件定義・デザインフェーズでもAIを活用して、コミュニケーションの密度を高める
kazukihayase
0
110
[ JAWS-UG 東京 CommunityBuilders Night #2 ]SlackとAmazon Q Developerで 運用効率化を模索する
sh_fk2
3
410
La gouvernance territoriale des données grâce à la plateforme Terreze
bluehats
0
170
共有と分離 - Compose Multiplatform "本番導入" の設計指針
error96num
2
470
複数サービスを支える マルチテナント型 Batch MLプラットフォーム
lycorptech_jp
PRO
0
360
Agile PBL at New Grads Trainings
kawaguti
PRO
1
430
DevIO2025_継続的なサービス開発のための技術的意思決定のポイント / how-to-tech-decision-makaing-devio2025
nologyance
1
390
Featured
See All Featured
ReactJS: Keep Simple. Everything can be a component!
pedronauck
667
120k
Designing Experiences People Love
moore
142
24k
実際に使うSQLの書き方 徹底解説 / pgcon21j-tutorial
soudai
PRO
188
55k
Docker and Python
trallard
45
3.6k
Exploring the Power of Turbo Streams & Action Cable | RailsConf2023
kevinliebholz
34
6k
Product Roadmaps are Hard
iamctodd
PRO
54
11k
Measuring & Analyzing Core Web Vitals
bluesmoon
9
580
4 Signs Your Business is Dying
shpigford
184
22k
Optimizing for Happiness
mojombo
379
70k
StorybookのUI Testing Handbookを読んだ
zakiyama
31
6.1k
CoffeeScript is Beautiful & I Never Want to Write Plain JavaScript Again
sstephenson
162
15k
Unsuck your backbone
ammeep
671
58k
Transcript
M365 Security Review
# whoami • Pralhad Chaskar • Security Consultant with Help
AG • One of Null Dubai Chapter Lead • @c0d3xpl0it
# Agenda • What is M365 ? • Why we
need to audit M365 ? • What permissions needed to perform M365 audit ? • Checks to be performed • References • Q n A
What is M365 ?
Why we need to audit M365 ?
Permissions to perform Security Audit
Restrict Access to Azure Portal
Conditional Access Policy
Tenant Creation
Disable LinkedIn account connection
User App Registration
Sample Malicious App
Keep User Signed In
External Identities Collaboration settings
Sharepoint External Sharing
Sharepoint Sign-out users on inactivity
Disable External Sharing
Disable External Sharing
Disable External Sharing
Disable Third-Party Apps Access
Legacy Authentication in Use
Notification on Password Reset (for admins)
Custom Banned Passwords not used
MFA Status Disabled - The user is marked Disabled when
he has not been enrolled for MFA. Enabled - The user is marked Enabled when he has been enrolled in MFA but has not completed the registration process. Enforced - The user is marked Enforced when he has completed the MFA registration process.
Enabled Domain Users/Guest with MFA Status
MFA Status for Privileged Users
Disable SMS/Call to Phone 2FA
Disable unused Apps
Teams Permissions
Teams Sharing
MFA for joining devices
Company Branding on Sign-in Page
Enable Security Defaults
Identity Secure Score
Important URLs for Audit • https://portal.azure.com/ • https://portal.office.com/adminportal/home • https://security.microsoft.com/
• https://admin.microsoft.com/Adminportal/ Home#/homepage • https://admin.exchange.microsoft.com/#/ • https://outlook.office.com/ecp/ • https://admin.teams.microsoft.com/ • https://xxxxx-admin.sharepoint.com/
Elon got you covered • http://msportals.io/ • https://cmd.ms/
Can I get detailed checklist ? • https://www.altaro.com/ebook/m365-security-checklist.php • https://pages.egnyte.com/rs/038-PTQ-391/images/White-paper-MS365-
Security_Control_Checklist.pdf • https://medium.com/falconforce/reducing-your-office365-attack- surface-1073a4d46a7b • https://medium.com/falconforce/reducing-your-office-365-attack- surface-99830a654d0
Automated Solutions • https://github.com/cisagov/ScubaGear • https://github.com/soteria-security/365Inspect
How can we learn or Playground for M365
None
c0d3xpl0it
kawabeaver
euglena1215
uhyo
shisyu_gaku
oracle4engineer
kazukihayase
sh_fk2
bluehats
error96num
lycorptech_jp
kawaguti
nologyance
pedronauck
moore
soudai
trallard
kevinliebholz
iamctodd
bluesmoon
shpigford
mojombo
zakiyama
sstephenson
ammeep
