Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
M365 Security Review
Search
Sponsored
·
SiteGround - Reliable hosting with speed, security, and support you can count on.
→
Pralhad Chaskar
November 26, 2022
Technology
430
0
Share
Embed
Copy iframe code
Copy JS code
Copy link
Start on current slide
M365 Security Review
Presented at null Dubai Meet 26 Nov 2022 Monthly Meet
Pralhad Chaskar
November 26, 2022
More Decks by Pralhad Chaskar
See All by Pralhad Chaskar
Unfurling AI
c0d3xpl0it
0
33
RDP Hijacking
c0d3xpl0it
0
480
AWS IAM Privilege Escalation Methods
c0d3xpl0it
0
290
Pwning O365 Infrastructure
c0d3xpl0it
0
630
AWS Security Assessment
c0d3xpl0it
0
1.4k
Bloodhound 2.0
c0d3xpl0it
0
210
Auditing ACLs on Active Directory
c0d3xpl0it
0
230
Adversay Emulation using Caldera
c0d3xpl0it
1
190
GPO Vs Applocker Restrictions
c0d3xpl0it
0
720
Other Decks in Technology
See All in Technology
不要なレビューをAIにまかせて AIコーディングの環境改善を加速した
shoota
1
240
【Cyber-sec+】経営層を"動かす"ための考え方
hssh2_bin
0
200
小さく始める AI 活用推進 ― 日経電子版 Web チームの事例/nikkei-tech-talk47
nikkei_engineer_recruiting
0
310
水を運ぶ人としてのリーダーシップ
izumii19
2
420
20260619 私の日常業務での生成 AI 活用
masaruogura
1
230
FPC(フレキシブル)基板にZephyr実装してみた。
iotengineer22
0
140
感情と身体を置き去りにしない、エンジニアの生きのこり方 ──いまから、ここから「自分の状態」を扱うという選択
saorimurooka
0
140
Oracle AI Database@Azure:サービス概要のご紹介
oracle4engineer
PRO
6
2k
【セミナー資料】Claude Code をセキュアに使うための考え方と設定の勘どころ / Claude Code Webinar 20260616
masahirokawahara
2
430
クラウドファンディング版StackChan 3体(4体)をインタラクティブな体験型作品にして展示もした話 / スタックチャンお誕生日会2026
you
PRO
0
140
When Platform Engineering Meets GenAI
sucitw
0
140
気軽に使える"情報のハブ"としてのNotion活用 〜フロー情報の集積点 と、 Claude Code × Notion AI〜
syucream
1
160
Featured
See All Featured
Design in an AI World
tapps
1
250
Stewardship and Sustainability of Urban and Community Forests
pwiseman
0
230
Dominate Local Search Results - an insider guide to GBP, reviews, and Local SEO
greggifford
PRO
0
200
The Art of Delivering Value - GDevCon NA Keynote
reverentgeek
16
2k
Marketing to machines
jonoalderson
1
5.5k
Reflections from 52 weeks, 52 projects
jeffersonlam
356
21k
Evolution of real-time – Irina Nazarova, EuRuKo, 2024
irinanazarova
9
1.4k
Build The Right Thing And Hit Your Dates
maggiecrowley
39
3.2k
Data-driven link building: lessons from a $708K investment (BrightonSEO talk)
szymonslowik
1
1.1k
Code Reviewing Like a Champion
maltzj
528
40k
Mobile First: as difficult as doing things right
swwweet
225
10k
AI Search: Implications for SEO and How to Move Forward - #ShenzhenSEOConference
aleyda
1
1.3k
Transcript
M365 Security Review
# whoami • Pralhad Chaskar • Security Consultant with Help
AG • One of Null Dubai Chapter Lead • @c0d3xpl0it
# Agenda • What is M365 ? • Why we
need to audit M365 ? • What permissions needed to perform M365 audit ? • Checks to be performed • References • Q n A
What is M365 ?
Why we need to audit M365 ?
Permissions to perform Security Audit
Restrict Access to Azure Portal
Conditional Access Policy
Tenant Creation
Disable LinkedIn account connection
User App Registration
Sample Malicious App
Keep User Signed In
External Identities Collaboration settings
Sharepoint External Sharing
Sharepoint Sign-out users on inactivity
Disable External Sharing
Disable External Sharing
Disable External Sharing
Disable Third-Party Apps Access
Legacy Authentication in Use
Notification on Password Reset (for admins)
Custom Banned Passwords not used
MFA Status Disabled - The user is marked Disabled when
he has not been enrolled for MFA. Enabled - The user is marked Enabled when he has been enrolled in MFA but has not completed the registration process. Enforced - The user is marked Enforced when he has completed the MFA registration process.
Enabled Domain Users/Guest with MFA Status
MFA Status for Privileged Users
Disable SMS/Call to Phone 2FA
Disable unused Apps
Teams Permissions
Teams Sharing
MFA for joining devices
Company Branding on Sign-in Page
Enable Security Defaults
Identity Secure Score
Important URLs for Audit • https://portal.azure.com/ • https://portal.office.com/adminportal/home • https://security.microsoft.com/
• https://admin.microsoft.com/Adminportal/ Home#/homepage • https://admin.exchange.microsoft.com/#/ • https://outlook.office.com/ecp/ • https://admin.teams.microsoft.com/ • https://xxxxx-admin.sharepoint.com/
Elon got you covered • http://msportals.io/ • https://cmd.ms/
Can I get detailed checklist ? • https://www.altaro.com/ebook/m365-security-checklist.php • https://pages.egnyte.com/rs/038-PTQ-391/images/White-paper-MS365-
Security_Control_Checklist.pdf • https://medium.com/falconforce/reducing-your-office365-attack- surface-1073a4d46a7b • https://medium.com/falconforce/reducing-your-office-365-attack- surface-99830a654d0
Automated Solutions • https://github.com/cisagov/ScubaGear • https://github.com/soteria-security/365Inspect
How can we learn or Playground for M365
None
SiteGround - Reliable hosting with speed, security, and support you can count on.
c0d3xpl0it
shoota
hssh2_bin
nikkei_engineer_recruiting
izumii19
masaruogura
iotengineer22
saorimurooka
oracle4engineer
masahirokawahara
you
sucitw
syucream
tapps
pwiseman
greggifford
reverentgeek
jonoalderson
jeffersonlam
irinanazarova
maggiecrowley
szymonslowik
maltzj
swwweet
aleyda
