M365 Security Review

Transcript

1. M365 Security Review

2. # whoami • Pralhad Chaskar • Security Consultant with Help

   AG • One of Null Dubai Chapter Lead • @c0d3xpl0it

3. # Agenda • What is M365 ? • Why we

   need to audit M365 ? • What permissions needed to perform M365 audit ? • Checks to be performed • References • Q n A

4. What is M365 ?

5. Why we need to audit M365 ?

6. Permissions to perform Security Audit

7. Restrict Access to Azure Portal

8. Conditional Access Policy

9. Tenant Creation

10. Disable LinkedIn account connection

11. User App Registration

12. Sample Malicious App

13. Keep User Signed In

14. External Identities Collaboration settings

15. Sharepoint External Sharing

16. Sharepoint Sign-out users on inactivity

17. Disable External Sharing

18. Disable External Sharing

19. Disable External Sharing

20. Disable Third-Party Apps Access

21. Legacy Authentication in Use

22. Notification on Password Reset (for admins)

23. Custom Banned Passwords not used

24. MFA Status Disabled - The user is marked Disabled when

    he has not been enrolled for MFA. Enabled - The user is marked Enabled when he has been enrolled in MFA but has not completed the registration process. Enforced - The user is marked Enforced when he has completed the MFA registration process.

25. Enabled Domain Users/Guest with MFA Status

26. MFA Status for Privileged Users

27. Disable SMS/Call to Phone 2FA

28. Disable unused Apps

29. Teams Permissions

30. Teams Sharing

31. MFA for joining devices

32. Company Branding on Sign-in Page

33. Enable Security Defaults

34. Identity Secure Score

35. Important URLs for Audit • https://portal.azure.com/ • https://portal.office.com/adminportal/home • https://security.microsoft.com/

    • https://admin.microsoft.com/Adminportal/ Home#/homepage • https://admin.exchange.microsoft.com/#/ • https://outlook.office.com/ecp/ • https://admin.teams.microsoft.com/ • https://xxxxx-admin.sharepoint.com/

36. Elon got you covered • http://msportals.io/ • https://cmd.ms/

37. Can I get detailed checklist ? • https://www.altaro.com/ebook/m365-security-checklist.php • https://pages.egnyte.com/rs/038-PTQ-391/images/White-paper-MS365-

    Security_Control_Checklist.pdf • https://medium.com/falconforce/reducing-your-office365-attack- surface-1073a4d46a7b • https://medium.com/falconforce/reducing-your-office-365-attack- surface-99830a654d0

38. Automated Solutions • https://github.com/cisagov/ScubaGear • https://github.com/soteria-security/365Inspect

39. How can we learn or Playground for M365

40. None