Upgrade to Pro — share decks privately, control downloads, hide ads and more …

M365 Security Review

Avatar for Pralhad Chaskar Pralhad Chaskar
November 26, 2022
Technology
0
360

M365 Security Review

Presented at null Dubai Meet 26 Nov 2022 Monthly Meet
Avatar for Pralhad Chaskar

Pralhad Chaskar

November 26, 2022
Tweet

More Decks by Pralhad Chaskar

See All by Pralhad Chaskar
RDP Hijacking
Avatar for Pralhad Chaskar c0d3xpl0it
0
410
AWS IAM Privilege Escalation Methods
Avatar for Pralhad Chaskar c0d3xpl0it
0
240
Pwning O365 Infrastructure
Avatar for Pralhad Chaskar c0d3xpl0it
0
590
AWS Security Assessment
Avatar for Pralhad Chaskar c0d3xpl0it
0
1.4k
Bloodhound 2.0
Avatar for Pralhad Chaskar c0d3xpl0it
0
180
Auditing ACLs on Active Directory
Avatar for Pralhad Chaskar c0d3xpl0it
0
170
Adversay Emulation using Caldera
Avatar for Pralhad Chaskar c0d3xpl0it
1
150
GPO Vs Applocker Restrictions
Avatar for Pralhad Chaskar c0d3xpl0it
0
660
Introduction Atomic Red Team Framework
Avatar for Pralhad Chaskar c0d3xpl0it
0
340

Other Decks in Technology

See All in Technology
vLLM meetup Tokyo
Avatar for jpishikawa jpishikawa
1
200
型システムを知りたい人のための型検査器作成入門
Avatar for Yusuke Endoh mame
14
3.6k
AWS と定理証明 〜ポリシー言語 Cedar 開発の舞台裏〜 #fp_matsuri / FP Matsuri 2025
Avatar for y_taka_23 ytaka23
9
2.3k
「どこにある?」の解決。生成AI(RAG)で効率化するガバメントクラウド運用
Avatar for Toru_Kubota toru_kubota
2
320
AWS全冠したので振りかえってみる
Avatar for tajimon tajimon
0
130
Monorepo Error Management: Automated Runbooks and Team-Targeted Alert Distribution
Avatar for Shota Iwami biwashi
1
180
生成AIをテストプロセスに活用し"よう"としている話 #jasstnano
Avatar for Makky makky_tyuyan
0
140
All About Sansan – for New Global Engineers
Avatar for Sansan, Inc. sansan33
PRO
1
1.2k
Sansan Engineering Unit 紹介資料
Avatar for Sansan, Inc. sansan33
PRO
1
2.1k
Whats_new_in_Podman_and_CRI-O_2025-06
Avatar for orimanabu orimanabu
3
170
評価の納得感を2段階高める「構造化フィードバック」
Avatar for あろえ aloerina
1
140
Model Mondays S2E01: Advanced Reasoning
Avatar for Nitya Narasimhan, PhD nitya
0
290

Featured

See All Featured
The Cost Of JavaScript in 2023
Avatar for Addy Osmani addyosmani
50
8.3k
Making the Leap to Tech Lead
Avatar for Ryan Cromwell cromwellryan
134
9.3k
Principles of Awesome APIs and How to Build Them.
Avatar for Keavy McMinn keavy
126
17k
CSS Pre-Processors: Stylus, Less & Sass
Avatar for Bermon Painter bermonpainter
357
30k
ピンチをチャンスに:未来をつくるプロダクトロードマップ #pmconf2020
Avatar for Aki / @LoveIdahoBurger aki_iinuma
123
52k
Statistics for Hackers
Avatar for Jake VanderPlas jakevdp
799
220k
Building Adaptive Systems
Avatar for Chris Keathley keathley
43
2.6k
Keith and Marios Guide to Fast Websites
Avatar for Keith Pitt keithpitt
411
22k
4 Signs Your Business is Dying
Avatar for Josh Pigford shpigford
184
22k
CoffeeScript is Beautiful & I Never Want to Write Plain JavaScript Again
Avatar for Sam Stephenson sstephenson
161
15k
Making Projects Easy
Avatar for Brett Harned brettharned
116
6.2k
Distributed Sagas: A Protocol for Coordinating Microservices
Avatar for Caitie McCaffrey caitiem20
331
22k

Transcript

  1. M365 Security Review

  2. # whoami • Pralhad Chaskar • Security Consultant with Help

    AG • One of Null Dubai Chapter Lead • @c0d3xpl0it

  3. # Agenda • What is M365 ? • Why we

    need to audit M365 ? • What permissions needed to perform M365 audit ? • Checks to be performed • References • Q n A

  4. What is M365 ?

  5. Why we need to audit M365 ?

  6. Permissions to perform Security Audit

  7. Restrict Access to Azure Portal

  8. Conditional Access Policy

  9. Tenant Creation

  10. Disable LinkedIn account connection

  11. User App Registration

  12. Sample Malicious App

  13. Keep User Signed In

  14. External Identities Collaboration settings

  15. Sharepoint External Sharing

  16. Sharepoint Sign-out users on inactivity

  17. Disable External Sharing

  18. Disable External Sharing

  19. Disable External Sharing

  20. Disable Third-Party Apps Access

  21. Legacy Authentication in Use

  22. Notification on Password Reset (for admins)

  23. Custom Banned Passwords not used

  24. MFA Status Disabled - The user is marked Disabled when

    he has not been enrolled for MFA. Enabled - The user is marked Enabled when he has been enrolled in MFA but has not completed the registration process. Enforced - The user is marked Enforced when he has completed the MFA registration process.

  25. Enabled Domain Users/Guest with MFA Status

  26. MFA Status for Privileged Users

  27. Disable SMS/Call to Phone 2FA

  28. Disable unused Apps

  29. Teams Permissions

  30. Teams Sharing

  31. MFA for joining devices

  32. Company Branding on Sign-in Page

  33. Enable Security Defaults

  34. Identity Secure Score

  35. Important URLs for Audit • https://portal.azure.com/ • https://portal.office.com/adminportal/home • https://security.microsoft.com/

    • https://admin.microsoft.com/Adminportal/ Home#/homepage • https://admin.exchange.microsoft.com/#/ • https://outlook.office.com/ecp/ • https://admin.teams.microsoft.com/ • https://xxxxx-admin.sharepoint.com/

  36. Elon got you covered • http://msportals.io/ • https://cmd.ms/

  37. Can I get detailed checklist ? • https://www.altaro.com/ebook/m365-security-checklist.php • https://pages.egnyte.com/rs/038-PTQ-391/images/White-paper-MS365-

    Security_Control_Checklist.pdf • https://medium.com/falconforce/reducing-your-office365-attack- surface-1073a4d46a7b • https://medium.com/falconforce/reducing-your-office-365-attack- surface-99830a654d0

  38. Automated Solutions • https://github.com/cisagov/ScubaGear • https://github.com/soteria-security/365Inspect

  39. How can we learn or Playground for M365

  40. None