Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
M365 Security Review
Search
Sponsored
·
SiteGround - Reliable hosting with speed, security, and support you can count on.
→
Pralhad Chaskar
November 26, 2022
Technology
430
0
Share
M365 Security Review
Presented at null Dubai Meet 26 Nov 2022 Monthly Meet
Pralhad Chaskar
November 26, 2022
More Decks by Pralhad Chaskar
See All by Pralhad Chaskar
Unfurling AI
c0d3xpl0it
0
28
RDP Hijacking
c0d3xpl0it
0
470
AWS IAM Privilege Escalation Methods
c0d3xpl0it
0
290
Pwning O365 Infrastructure
c0d3xpl0it
0
630
AWS Security Assessment
c0d3xpl0it
0
1.4k
Bloodhound 2.0
c0d3xpl0it
0
210
Auditing ACLs on Active Directory
c0d3xpl0it
0
220
Adversay Emulation using Caldera
c0d3xpl0it
1
190
GPO Vs Applocker Restrictions
c0d3xpl0it
0
720
Other Decks in Technology
See All in Technology
サイバーセキュリティ概論 / Introduction to Cybersecurity
ks91
PRO
0
100
開発を止めない CI/CD ~CI Visibilityによる継続的最適化~
pensuke628
0
230
【Gen-AX】20260530開催_JJUG CCC 2026 Spring
genax
0
230
Strands Agents超入門
kintotechdev
1
150
サプライチェーンセキュリティの空白地帯 - 信頼できる”依存性”の未来を考える
rung
PRO
2
600
GitHub Copilot CLIでWebアクセシビリティを改善した話
tomokusaba
0
140
Oracle AI Database@Azure:サービス概要のご紹介
oracle4engineer
PRO
6
1.8k
AI時代から振り返るTerraform drift運用の歴史 / AI Age Reflections on the History of Terraform Drift Operations
aeonpeople
2
630
React、まだ楽しくて草
uhyo
7
3.6k
GoとSIMDとWasmの今。
askua
2
420
Anthropic AIネイティブ・スタートアップ構築のプレイブック を理解する
nagatsu
0
230
20260528_生成AIを専属DSに_Howの次にすべきことを考える
doradora09
PRO
0
270
Featured
See All Featured
Building the Perfect Custom Keyboard
takai
2
780
It's Worth the Effort
3n
188
29k
SEO for Brand Visibility & Recognition
aleyda
0
4.6k
Taking LLMs out of the black box: A practical guide to human-in-the-loop distillation
inesmontani
PRO
3
2.2k
Pawsitive SEO: Lessons from My Dog (and Many Mistakes) on Thriving as a Consultant in the Age of AI
davidcarrasco
0
150
The Director’s Chair: Orchestrating AI for Truly Effective Learning
tmiket
1
180
Collaborative Software Design: How to facilitate domain modelling decisions
baasie
1
230
We Have a Design System, Now What?
morganepeng
55
8.2k
Exploring anti-patterns in Rails
aemeredith
3
380
Art, The Web, and Tiny UX
lynnandtonic
304
22k
Rebuilding a faster, lazier Slack
samanthasiow
85
9.5k
From Legacy to Launchpad: Building Startup-Ready Communities
dugsong
0
220
Transcript
M365 Security Review
# whoami • Pralhad Chaskar • Security Consultant with Help
AG • One of Null Dubai Chapter Lead • @c0d3xpl0it
# Agenda • What is M365 ? • Why we
need to audit M365 ? • What permissions needed to perform M365 audit ? • Checks to be performed • References • Q n A
What is M365 ?
Why we need to audit M365 ?
Permissions to perform Security Audit
Restrict Access to Azure Portal
Conditional Access Policy
Tenant Creation
Disable LinkedIn account connection
User App Registration
Sample Malicious App
Keep User Signed In
External Identities Collaboration settings
Sharepoint External Sharing
Sharepoint Sign-out users on inactivity
Disable External Sharing
Disable External Sharing
Disable External Sharing
Disable Third-Party Apps Access
Legacy Authentication in Use
Notification on Password Reset (for admins)
Custom Banned Passwords not used
MFA Status Disabled - The user is marked Disabled when
he has not been enrolled for MFA. Enabled - The user is marked Enabled when he has been enrolled in MFA but has not completed the registration process. Enforced - The user is marked Enforced when he has completed the MFA registration process.
Enabled Domain Users/Guest with MFA Status
MFA Status for Privileged Users
Disable SMS/Call to Phone 2FA
Disable unused Apps
Teams Permissions
Teams Sharing
MFA for joining devices
Company Branding on Sign-in Page
Enable Security Defaults
Identity Secure Score
Important URLs for Audit • https://portal.azure.com/ • https://portal.office.com/adminportal/home • https://security.microsoft.com/
• https://admin.microsoft.com/Adminportal/ Home#/homepage • https://admin.exchange.microsoft.com/#/ • https://outlook.office.com/ecp/ • https://admin.teams.microsoft.com/ • https://xxxxx-admin.sharepoint.com/
Elon got you covered • http://msportals.io/ • https://cmd.ms/
Can I get detailed checklist ? • https://www.altaro.com/ebook/m365-security-checklist.php • https://pages.egnyte.com/rs/038-PTQ-391/images/White-paper-MS365-
Security_Control_Checklist.pdf • https://medium.com/falconforce/reducing-your-office365-attack- surface-1073a4d46a7b • https://medium.com/falconforce/reducing-your-office-365-attack- surface-99830a654d0
Automated Solutions • https://github.com/cisagov/ScubaGear • https://github.com/soteria-security/365Inspect
How can we learn or Playground for M365
None
SiteGround - Reliable hosting with speed, security, and support you can count on.
c0d3xpl0it
ks91
pensuke628
.png){kind=avatar}
genax
kintotechdev
rung
tomokusaba
oracle4engineer
aeonpeople
uhyo
askua
nagatsu
doradora09
takai
3n
aleyda
inesmontani
davidcarrasco
tmiket
baasie
morganepeng
aemeredith
lynnandtonic
samanthasiow
dugsong
