Upgrade to Pro — share decks privately, control downloads, hide ads and more …

M365 Security Review

Avatar for Pralhad Chaskar Pralhad Chaskar
November 26, 2022
Technology
0
390

M365 Security Review

Presented at null Dubai Meet 26 Nov 2022 Monthly Meet

Avatar for Pralhad Chaskar

Pralhad Chaskar

November 26, 2022
Tweet

More Decks by Pralhad Chaskar

See All by Pralhad Chaskar
RDP Hijacking
Avatar for Pralhad Chaskar c0d3xpl0it
0
440
AWS IAM Privilege Escalation Methods
Avatar for Pralhad Chaskar c0d3xpl0it
0
250
Pwning O365 Infrastructure
Avatar for Pralhad Chaskar c0d3xpl0it
0
600
AWS Security Assessment
Avatar for Pralhad Chaskar c0d3xpl0it
0
1.4k
Bloodhound 2.0
Avatar for Pralhad Chaskar c0d3xpl0it
0
190
Auditing ACLs on Active Directory
Avatar for Pralhad Chaskar c0d3xpl0it
0
180
Adversay Emulation using Caldera
Avatar for Pralhad Chaskar c0d3xpl0it
1
160
GPO Vs Applocker Restrictions
Avatar for Pralhad Chaskar c0d3xpl0it
0
680
Introduction Atomic Red Team Framework
Avatar for Pralhad Chaskar c0d3xpl0it
0
360

Other Decks in Technology

See All in Technology
AI駆動で進める依存ライブラリ更新 ─ Vue プロジェクトの品質向上と開発スピード改善の実践録
Avatar for sayn0 sayn0
1
200
事業開発におけるDify活用事例
Avatar for KentaroFujii kentarofujii
5
1.3k
Introduction to Sansan Meishi Maker Development Engineer
Avatar for Sansan, Inc. sansan33
PRO
0
310
Implementing and Evaluating a High-Level Language with WasmGC and the Wasm Component Model: Scala’s Case
Avatar for Rikito Taniguchi tanishiking
0
170
名刺メーカーDevグループ 紹介資料
Avatar for Sansan, Inc. sansan33
PRO
0
940
SQLAlchemy の select(User).where(User.id =="123") を理解してみる/sqlalchemy deep dive
Avatar for Ryusei Ohkura 3l4l5
3
290
Introduction to Sansan for Engineers / エンジニア向け会社紹介
Avatar for Sansan, Inc. sansan33
PRO
5
43k
ハノーファーメッセ2025で見た生成AI活用ユースケース.pdf
Avatar for 濱田孝治 hamadakoji
0
410
OSSで50の競合と戦うためにやったこと
Avatar for yamadashy / やまだし yamadashy
3
960
RDS の負荷が高い場合に AWS で取りうる具体策 N 連発/a-series-of-specific-countermeasures-available-on-aws-when-rds-is-under-high-load
Avatar for emi emiki
7
4.6k
ソースを読むプロセスの例
Avatar for Satoru Takeuchi sat
PRO
15
9.8k
Databricks AI/BI Genie の「値ディクショナリー」をAmazonの奥地(S3)まで見に行く
Avatar for camay kameitomohiro
1
390

Featured

See All Featured
No one is an island. Learnings from fostering a developers community.
Avatar for Antonio thoeni
21
3.5k
A designer walks into a library…
Avatar for Paul Jervis Heath pauljervisheath
209
24k
Principles of Awesome APIs and How to Build Them.
Avatar for Keavy McMinn keavy
127
17k
jQuery: Nuts, Bolts and Bling
Avatar for Doug Neiner dougneiner
65
7.9k
Product Roadmaps are Hard
Avatar for C. Todd Lombardo iamctodd
PRO
55
11k
Optimising Largest Contentful Paint
Avatar for Harry Roberts csswizardry
37
3.5k
StorybookのUI Testing Handbookを読んだ
Avatar for Shingo Yamazaki zakiyama
31
6.2k
Designing Dashboards & Data Visualisations in Web Apps
Avatar for Des Traynor destraynor
231
53k
GraphQLの誤解/rethinking-graphql
Avatar for sonatard sonatard
73
11k
KATA
Avatar for Megan Lloyd mclloyd
PRO
32
15k
Cheating the UX When There Is Nothing More to Optimize - PixelPioneers
Avatar for Stéphanie Walter stephaniewalter
285
14k
Faster Mobile Websites
Avatar for Dean Hume deanohume
310
31k

Transcript

  1. M365 Security Review

  2. # whoami • Pralhad Chaskar • Security Consultant with Help

    AG • One of Null Dubai Chapter Lead • @c0d3xpl0it

  3. # Agenda • What is M365 ? • Why we

    need to audit M365 ? • What permissions needed to perform M365 audit ? • Checks to be performed • References • Q n A

  4. What is M365 ?

  5. Why we need to audit M365 ?

  6. Permissions to perform Security Audit

  7. Restrict Access to Azure Portal

  8. Conditional Access Policy

  9. Tenant Creation

  10. Disable LinkedIn account connection

  11. User App Registration

  12. Sample Malicious App

  13. Keep User Signed In

  14. External Identities Collaboration settings

  15. Sharepoint External Sharing

  16. Sharepoint Sign-out users on inactivity

  17. Disable External Sharing

  18. Disable External Sharing

  19. Disable External Sharing

  20. Disable Third-Party Apps Access

  21. Legacy Authentication in Use

  22. Notification on Password Reset (for admins)

  23. Custom Banned Passwords not used

  24. MFA Status Disabled - The user is marked Disabled when

    he has not been enrolled for MFA. Enabled - The user is marked Enabled when he has been enrolled in MFA but has not completed the registration process. Enforced - The user is marked Enforced when he has completed the MFA registration process.

  25. Enabled Domain Users/Guest with MFA Status

  26. MFA Status for Privileged Users

  27. Disable SMS/Call to Phone 2FA

  28. Disable unused Apps

  29. Teams Permissions

  30. Teams Sharing

  31. MFA for joining devices

  32. Company Branding on Sign-in Page

  33. Enable Security Defaults

  34. Identity Secure Score

  35. Important URLs for Audit • https://portal.azure.com/ • https://portal.office.com/adminportal/home • https://security.microsoft.com/

    • https://admin.microsoft.com/Adminportal/ Home#/homepage • https://admin.exchange.microsoft.com/#/ • https://outlook.office.com/ecp/ • https://admin.teams.microsoft.com/ • https://xxxxx-admin.sharepoint.com/

  36. Elon got you covered • http://msportals.io/ • https://cmd.ms/

  37. Can I get detailed checklist ? • https://www.altaro.com/ebook/m365-security-checklist.php • https://pages.egnyte.com/rs/038-PTQ-391/images/White-paper-MS365-

    Security_Control_Checklist.pdf • https://medium.com/falconforce/reducing-your-office365-attack- surface-1073a4d46a7b • https://medium.com/falconforce/reducing-your-office-365-attack- surface-99830a654d0

  38. Automated Solutions • https://github.com/cisagov/ScubaGear • https://github.com/soteria-security/365Inspect

  39. How can we learn or Playground for M365

  40. None