Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
M365 Security Review
Search
Pralhad Chaskar
November 26, 2022
Technology
0
410
M365 Security Review
Presented at null Dubai Meet 26 Nov 2022 Monthly Meet
Pralhad Chaskar
November 26, 2022
Tweet
Share
More Decks by Pralhad Chaskar
See All by Pralhad Chaskar
RDP Hijacking
c0d3xpl0it
0
460
AWS IAM Privilege Escalation Methods
c0d3xpl0it
0
270
Pwning O365 Infrastructure
c0d3xpl0it
0
610
AWS Security Assessment
c0d3xpl0it
0
1.4k
Bloodhound 2.0
c0d3xpl0it
0
210
Auditing ACLs on Active Directory
c0d3xpl0it
0
210
Adversay Emulation using Caldera
c0d3xpl0it
1
180
GPO Vs Applocker Restrictions
c0d3xpl0it
0
700
Introduction Atomic Red Team Framework
c0d3xpl0it
0
380
Other Decks in Technology
See All in Technology
マイグレーションガイドに書いてないRiverpod 3移行話
taiju59
0
140
フルスタックGoでスコア改ざんを防いだ話
ponyo877
0
520
インシデント対応入門
grimoh
7
5.1k
Claude Codeと駆け抜ける 情報収集と実践録
sontixyou
1
990
Three-Legged OAuth in AgentCore Gateway
hironobuiga
2
200
GitHub Copilot CLI 現状確認会議(2026年2月のすがた)
torumakabe
4
630
1 年間の育休から時短勤務で復帰した私が、 AI を駆使して立ち上がりを早めた話
lycorptech_jp
PRO
0
160
Exadata Fleet Update
oracle4engineer
PRO
0
1.2k
Interop Tokyo 2025 ShowNet Team Memberで学んだSRv6を基礎から丁寧に
miyukichi_ospf
0
190
競争優位を生み出す戦略的内製開発の実践技法
masuda220
PRO
2
440
Oracle Cloud Infrastructure データベース・クラウド:各バージョンのサポート期間
oracle4engineer
PRO
57
47k
生成AI活用によるPRレビュー改善の歩み
lycorptech_jp
PRO
4
1.2k
Featured
See All Featured
Rails Girls Zürich Keynote
gr2m
96
14k
Dominate Local Search Results - an insider guide to GBP, reviews, and Local SEO
greggifford
PRO
0
92
Dealing with People You Can't Stand - Big Design 2015
cassininazir
367
27k
SEO in 2025: How to Prepare for the Future of Search
ipullrank
3
3.3k
Beyond borders and beyond the search box: How to win the global "messy middle" with AI-driven SEO
davidcarrasco
1
63
Data-driven link building: lessons from a $708K investment (BrightonSEO talk)
szymonslowik
1
930
Speed Design
sergeychernyshev
33
1.6k
A brief & incomplete history of UX Design for the World Wide Web: 1989–2019
jct
1
310
Building Adaptive Systems
keathley
44
2.9k
The innovator’s Mindset - Leading Through an Era of Exponential Change - McGill University 2025
jdejongh
PRO
1
110
Ruling the World: When Life Gets Gamed
codingconduct
0
160
AI Search: Where Are We & What Can We Do About It?
aleyda
0
7k
Transcript
M365 Security Review
# whoami • Pralhad Chaskar • Security Consultant with Help
AG • One of Null Dubai Chapter Lead • @c0d3xpl0it
# Agenda • What is M365 ? • Why we
need to audit M365 ? • What permissions needed to perform M365 audit ? • Checks to be performed • References • Q n A
What is M365 ?
Why we need to audit M365 ?
Permissions to perform Security Audit
Restrict Access to Azure Portal
Conditional Access Policy
Tenant Creation
Disable LinkedIn account connection
User App Registration
Sample Malicious App
Keep User Signed In
External Identities Collaboration settings
Sharepoint External Sharing
Sharepoint Sign-out users on inactivity
Disable External Sharing
Disable External Sharing
Disable External Sharing
Disable Third-Party Apps Access
Legacy Authentication in Use
Notification on Password Reset (for admins)
Custom Banned Passwords not used
MFA Status Disabled - The user is marked Disabled when
he has not been enrolled for MFA. Enabled - The user is marked Enabled when he has been enrolled in MFA but has not completed the registration process. Enforced - The user is marked Enforced when he has completed the MFA registration process.
Enabled Domain Users/Guest with MFA Status
MFA Status for Privileged Users
Disable SMS/Call to Phone 2FA
Disable unused Apps
Teams Permissions
Teams Sharing
MFA for joining devices
Company Branding on Sign-in Page
Enable Security Defaults
Identity Secure Score
Important URLs for Audit • https://portal.azure.com/ • https://portal.office.com/adminportal/home • https://security.microsoft.com/
• https://admin.microsoft.com/Adminportal/ Home#/homepage • https://admin.exchange.microsoft.com/#/ • https://outlook.office.com/ecp/ • https://admin.teams.microsoft.com/ • https://xxxxx-admin.sharepoint.com/
Elon got you covered • http://msportals.io/ • https://cmd.ms/
Can I get detailed checklist ? • https://www.altaro.com/ebook/m365-security-checklist.php • https://pages.egnyte.com/rs/038-PTQ-391/images/White-paper-MS365-
Security_Control_Checklist.pdf • https://medium.com/falconforce/reducing-your-office365-attack- surface-1073a4d46a7b • https://medium.com/falconforce/reducing-your-office-365-attack- surface-99830a654d0
Automated Solutions • https://github.com/cisagov/ScubaGear • https://github.com/soteria-security/365Inspect
How can we learn or Playground for M365
None
c0d3xpl0it
taiju59
ponyo877
grimoh
.jpeg){kind=avatar}
sontixyou
hironobuiga
torumakabe
lycorptech_jp
oracle4engineer
miyukichi_ospf
masuda220
gr2m
greggifford
cassininazir
ipullrank
davidcarrasco
szymonslowik
sergeychernyshev
jct
keathley
jdejongh
codingconduct
aleyda
