Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
M365 Security Review
Search
Sponsored
·
SiteGround - Reliable hosting with speed, security, and support you can count on.
→
Pralhad Chaskar
November 26, 2022
Technology
420
0
Share
M365 Security Review
Presented at null Dubai Meet 26 Nov 2022 Monthly Meet
Pralhad Chaskar
November 26, 2022
More Decks by Pralhad Chaskar
See All by Pralhad Chaskar
RDP Hijacking
c0d3xpl0it
0
460
AWS IAM Privilege Escalation Methods
c0d3xpl0it
0
280
Pwning O365 Infrastructure
c0d3xpl0it
0
620
AWS Security Assessment
c0d3xpl0it
0
1.4k
Bloodhound 2.0
c0d3xpl0it
0
210
Auditing ACLs on Active Directory
c0d3xpl0it
0
220
Adversay Emulation using Caldera
c0d3xpl0it
1
180
GPO Vs Applocker Restrictions
c0d3xpl0it
0
710
Introduction Atomic Red Team Framework
c0d3xpl0it
0
390
Other Decks in Technology
See All in Technology
非同期・イベント駆動処理の分散トレーシングの繋げ方
ichikawaken
1
250
Cortex Codeでデータの仕事を全部Agenticにやりきろう!
gappy50
0
230
マルチモーダル非構造データとの闘い
shibuiwilliam
1
150
SSoT(Single Source of Truth)で「壊して再生」する設計
kawauso
2
420
Oracle Cloud Infrastructure:2026年3月度サービス・アップデート
oracle4engineer
PRO
0
320
制約を設計する - 非決定性との境界線 / Designing constraints
soudai
PRO
4
900
AIエージェント時代に必要な オペレーションマネージャーのロールとは
kentarofujii
0
290
Why we keep our community?
kawaguti
PRO
0
370
Sansanの認証基盤を支えるアーキテクチャとその振り返り
sansantech
PRO
1
150
Bref でサービスを運用している話
sgash708
0
220
AI時代のシステム開発者の仕事_20260328
sengtor
0
320
OPENLOGI Company Profile for engineer
hr01
1
62k
Featured
See All Featured
Color Theory Basics | Prateek | Gurzu
gurzu
0
270
Jess Joyce - The Pitfalls of Following Frameworks
techseoconnect
PRO
1
120
Keith and Marios Guide to Fast Websites
keithpitt
413
23k
New Earth Scene 8
popppiees
2
2k
The Art of Delivering Value - GDevCon NA Keynote
reverentgeek
16
1.9k
We Have a Design System, Now What?
morganepeng
55
8.1k
Practical Orchestrator
shlominoach
191
11k
Darren the Foodie - Storyboard
khoart
PRO
3
3.1k
AI: The stuff that nobody shows you
jnunemaker
PRO
4
500
個人開発の失敗を避けるイケてる考え方 / tips for indie hackers
panda_program
122
21k
Docker and Python
trallard
47
3.8k
jQuery: Nuts, Bolts and Bling
dougneiner
66
8.4k
Transcript
M365 Security Review
# whoami • Pralhad Chaskar • Security Consultant with Help
AG • One of Null Dubai Chapter Lead • @c0d3xpl0it
# Agenda • What is M365 ? • Why we
need to audit M365 ? • What permissions needed to perform M365 audit ? • Checks to be performed • References • Q n A
What is M365 ?
Why we need to audit M365 ?
Permissions to perform Security Audit
Restrict Access to Azure Portal
Conditional Access Policy
Tenant Creation
Disable LinkedIn account connection
User App Registration
Sample Malicious App
Keep User Signed In
External Identities Collaboration settings
Sharepoint External Sharing
Sharepoint Sign-out users on inactivity
Disable External Sharing
Disable External Sharing
Disable External Sharing
Disable Third-Party Apps Access
Legacy Authentication in Use
Notification on Password Reset (for admins)
Custom Banned Passwords not used
MFA Status Disabled - The user is marked Disabled when
he has not been enrolled for MFA. Enabled - The user is marked Enabled when he has been enrolled in MFA but has not completed the registration process. Enforced - The user is marked Enforced when he has completed the MFA registration process.
Enabled Domain Users/Guest with MFA Status
MFA Status for Privileged Users
Disable SMS/Call to Phone 2FA
Disable unused Apps
Teams Permissions
Teams Sharing
MFA for joining devices
Company Branding on Sign-in Page
Enable Security Defaults
Identity Secure Score
Important URLs for Audit • https://portal.azure.com/ • https://portal.office.com/adminportal/home • https://security.microsoft.com/
• https://admin.microsoft.com/Adminportal/ Home#/homepage • https://admin.exchange.microsoft.com/#/ • https://outlook.office.com/ecp/ • https://admin.teams.microsoft.com/ • https://xxxxx-admin.sharepoint.com/
Elon got you covered • http://msportals.io/ • https://cmd.ms/
Can I get detailed checklist ? • https://www.altaro.com/ebook/m365-security-checklist.php • https://pages.egnyte.com/rs/038-PTQ-391/images/White-paper-MS365-
Security_Control_Checklist.pdf • https://medium.com/falconforce/reducing-your-office365-attack- surface-1073a4d46a7b • https://medium.com/falconforce/reducing-your-office-365-attack- surface-99830a654d0
Automated Solutions • https://github.com/cisagov/ScubaGear • https://github.com/soteria-security/365Inspect
How can we learn or Playground for M365
None
SiteGround - Reliable hosting with speed, security, and support you can count on.
c0d3xpl0it
ichikawaken
gappy50
shibuiwilliam
kawauso
oracle4engineer
soudai
kentarofujii
kawaguti
sansantech
sgash708
sengtor
hr01
gurzu
techseoconnect
keithpitt
popppiees
reverentgeek
morganepeng
shlominoach
khoart
jnunemaker
panda_program
trallard
dougneiner
