Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
M365 Security Review
Search
Pralhad Chaskar
November 26, 2022
Technology
420
0
Share
M365 Security Review
Presented at null Dubai Meet 26 Nov 2022 Monthly Meet
Pralhad Chaskar
November 26, 2022
More Decks by Pralhad Chaskar
See All by Pralhad Chaskar
RDP Hijacking
c0d3xpl0it
0
460
AWS IAM Privilege Escalation Methods
c0d3xpl0it
0
280
Pwning O365 Infrastructure
c0d3xpl0it
0
620
AWS Security Assessment
c0d3xpl0it
0
1.4k
Bloodhound 2.0
c0d3xpl0it
0
210
Auditing ACLs on Active Directory
c0d3xpl0it
0
220
Adversay Emulation using Caldera
c0d3xpl0it
1
180
GPO Vs Applocker Restrictions
c0d3xpl0it
0
710
Introduction Atomic Red Team Framework
c0d3xpl0it
0
390
Other Decks in Technology
See All in Technology
AIエージェント時代に必要な オペレーションマネージャーのロールとは
kentarofujii
0
290
契約書からの情報抽出を行うLLMのスループットを、バッチ処理を用いて最大40%改善した話
sansantech
PRO
3
340
The essence of decision-making lies in primary data
kaminashi
0
230
TUNA Camp 2026 京都Stage ヒューリスティックアルゴリズム入門
terryu16
0
670
Move Fast and Break Things: 10 in 20
ramimac
0
120
JAWS DAYS 2026でAIの「もやっと」感が解消された話
smt7174
1
120
Sansanの認証基盤を支えるアーキテクチャとその振り返り
sansantech
PRO
1
150
Why we keep our community?
kawaguti
PRO
0
370
推し活エージェント
yuntan_t
1
440
Podcast配信で広がったアウトプットの輪~70人と音声発信してきた7年間~/outputconf_01
fortegp05
0
200
20260326_AIDD事例紹介_ULSC.pdf
findy_eventslides
0
400
Amazon Qはアマコネで頑張っています〜 Amazon Q in Connectについて〜
yama3133
1
170
Featured
See All Featured
Applied NLP in the Age of Generative AI
inesmontani
PRO
4
2.2k
Java REST API Framework Comparison - PWX 2021
mraible
34
9.2k
Into the Great Unknown - MozCon
thekraken
40
2.3k
Building a Modern Day E-commerce SEO Strategy
aleyda
45
9k
Fight the Zombie Pattern Library - RWD Summit 2016
marcelosomers
234
17k
Taking LLMs out of the black box: A practical guide to human-in-the-loop distillation
inesmontani
PRO
3
2.1k
Ethics towards AI in product and experience design
skipperchong
2
250
Max Prin - Stacking Signals: How International SEO Comes Together (And Falls Apart)
techseoconnect
PRO
0
140
Documentation Writing (for coders)
carmenintech
77
5.3k
Breaking role norms: Why Content Design is so much more than writing copy - Taylor Woolridge
uxyall
0
240
Imperfection Machines: The Place of Print at Facebook
scottboms
270
14k
Future Trends and Review - Lecture 12 - Web Technologies (1019888BNR)
signer
PRO
0
3.3k
Transcript
M365 Security Review
# whoami • Pralhad Chaskar • Security Consultant with Help
AG • One of Null Dubai Chapter Lead • @c0d3xpl0it
# Agenda • What is M365 ? • Why we
need to audit M365 ? • What permissions needed to perform M365 audit ? • Checks to be performed • References • Q n A
What is M365 ?
Why we need to audit M365 ?
Permissions to perform Security Audit
Restrict Access to Azure Portal
Conditional Access Policy
Tenant Creation
Disable LinkedIn account connection
User App Registration
Sample Malicious App
Keep User Signed In
External Identities Collaboration settings
Sharepoint External Sharing
Sharepoint Sign-out users on inactivity
Disable External Sharing
Disable External Sharing
Disable External Sharing
Disable Third-Party Apps Access
Legacy Authentication in Use
Notification on Password Reset (for admins)
Custom Banned Passwords not used
MFA Status Disabled - The user is marked Disabled when
he has not been enrolled for MFA. Enabled - The user is marked Enabled when he has been enrolled in MFA but has not completed the registration process. Enforced - The user is marked Enforced when he has completed the MFA registration process.
Enabled Domain Users/Guest with MFA Status
MFA Status for Privileged Users
Disable SMS/Call to Phone 2FA
Disable unused Apps
Teams Permissions
Teams Sharing
MFA for joining devices
Company Branding on Sign-in Page
Enable Security Defaults
Identity Secure Score
Important URLs for Audit • https://portal.azure.com/ • https://portal.office.com/adminportal/home • https://security.microsoft.com/
• https://admin.microsoft.com/Adminportal/ Home#/homepage • https://admin.exchange.microsoft.com/#/ • https://outlook.office.com/ecp/ • https://admin.teams.microsoft.com/ • https://xxxxx-admin.sharepoint.com/
Elon got you covered • http://msportals.io/ • https://cmd.ms/
Can I get detailed checklist ? • https://www.altaro.com/ebook/m365-security-checklist.php • https://pages.egnyte.com/rs/038-PTQ-391/images/White-paper-MS365-
Security_Control_Checklist.pdf • https://medium.com/falconforce/reducing-your-office365-attack- surface-1073a4d46a7b • https://medium.com/falconforce/reducing-your-office-365-attack- surface-99830a654d0
Automated Solutions • https://github.com/cisagov/ScubaGear • https://github.com/soteria-security/365Inspect
How can we learn or Playground for M365
None
c0d3xpl0it
kentarofujii
sansantech
kaminashi
terryu16
ramimac
smt7174
kawaguti
yuntan_t
fortegp05
findy_eventslides
yama3133
inesmontani
mraible
thekraken
aleyda
marcelosomers
skipperchong
techseoconnect
carmenintech
uxyall
scottboms
signer
