Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
M365 Security Review
Search
Sponsored
·
SiteGround - Reliable hosting with speed, security, and support you can count on.
→
Pralhad Chaskar
November 26, 2022
Technology
0
410
M365 Security Review
Presented at null Dubai Meet 26 Nov 2022 Monthly Meet
Pralhad Chaskar
November 26, 2022
Tweet
Share
More Decks by Pralhad Chaskar
See All by Pralhad Chaskar
RDP Hijacking
c0d3xpl0it
0
460
AWS IAM Privilege Escalation Methods
c0d3xpl0it
0
270
Pwning O365 Infrastructure
c0d3xpl0it
0
610
AWS Security Assessment
c0d3xpl0it
0
1.4k
Bloodhound 2.0
c0d3xpl0it
0
210
Auditing ACLs on Active Directory
c0d3xpl0it
0
210
Adversay Emulation using Caldera
c0d3xpl0it
1
180
GPO Vs Applocker Restrictions
c0d3xpl0it
0
700
Introduction Atomic Red Team Framework
c0d3xpl0it
0
380
Other Decks in Technology
See All in Technology
Claude Codeと駆け抜ける 情報収集と実践録
sontixyou
1
960
AITuberKit+Bedrock AgentCoreで作る 3Dキャラクターエージェント
yokomachi
2
1.6k
技術選定 したい人 したくない人
shirayanagiryuji
0
370
AI駆動開発とRAGプロダクトへの挑戦の軌跡 - 弁護士ドットコムでの学びから -
bengo4com
2
830
生成AI活用によるPRレビュー改善の歩み
lycorptech_jp
PRO
4
1.2k
Databricks (と気合い)で頑張るAI Agent 運用
kameitomohiro
0
240
AWSが推進する AI駆動開発ライフサイクル入門 〜 AI駆動開発時代に必要な人材とは 〜 / introduction_to_aidlc_and_skills
fatsushi
7
4.7k
Goで実現する堅牢なアーキテクチャ:DDD、gRPC-connect、そしてAI協調開発の実践
fujidomoe
3
740
AI時代のAPIファースト開発
nagix
1
540
技術キャッチアップ効率化を実現する記事推薦システムの構築
yudai00
2
140
Agent Skills 入門
puku0x
0
930
競争優位を生み出す戦略的内製開発の実践技法
masuda220
PRO
2
430
Featured
See All Featured
What Being in a Rock Band Can Teach Us About Real World SEO
427marketing
0
180
[Rails World 2023 - Day 1 Closing Keynote] - The Magic of Rails
eileencodes
38
2.7k
The #1 spot is gone: here's how to win anyway
tamaranovitovic
2
960
The B2B funnel & how to create a winning content strategy
katarinadahlin
PRO
1
290
The Language of Interfaces
destraynor
162
26k
XXLCSS - How to scale CSS and keep your sanity
sugarenia
249
1.3M
GraphQLとの向き合い方2022年版
quramy
50
14k
Scaling GitHub
holman
464
140k
Building Better People: How to give real-time feedback that sticks.
wjessup
370
20k
Odyssey Design
rkendrick25
PRO
2
520
世界の人気アプリ100個を分析して見えたペイウォール設計の心得
akihiro_kokubo
PRO
67
37k
Money Talks: Using Revenue to Get Sh*t Done
nikkihalliwell
0
170
Transcript
M365 Security Review
# whoami • Pralhad Chaskar • Security Consultant with Help
AG • One of Null Dubai Chapter Lead • @c0d3xpl0it
# Agenda • What is M365 ? • Why we
need to audit M365 ? • What permissions needed to perform M365 audit ? • Checks to be performed • References • Q n A
What is M365 ?
Why we need to audit M365 ?
Permissions to perform Security Audit
Restrict Access to Azure Portal
Conditional Access Policy
Tenant Creation
Disable LinkedIn account connection
User App Registration
Sample Malicious App
Keep User Signed In
External Identities Collaboration settings
Sharepoint External Sharing
Sharepoint Sign-out users on inactivity
Disable External Sharing
Disable External Sharing
Disable External Sharing
Disable Third-Party Apps Access
Legacy Authentication in Use
Notification on Password Reset (for admins)
Custom Banned Passwords not used
MFA Status Disabled - The user is marked Disabled when
he has not been enrolled for MFA. Enabled - The user is marked Enabled when he has been enrolled in MFA but has not completed the registration process. Enforced - The user is marked Enforced when he has completed the MFA registration process.
Enabled Domain Users/Guest with MFA Status
MFA Status for Privileged Users
Disable SMS/Call to Phone 2FA
Disable unused Apps
Teams Permissions
Teams Sharing
MFA for joining devices
Company Branding on Sign-in Page
Enable Security Defaults
Identity Secure Score
Important URLs for Audit • https://portal.azure.com/ • https://portal.office.com/adminportal/home • https://security.microsoft.com/
• https://admin.microsoft.com/Adminportal/ Home#/homepage • https://admin.exchange.microsoft.com/#/ • https://outlook.office.com/ecp/ • https://admin.teams.microsoft.com/ • https://xxxxx-admin.sharepoint.com/
Elon got you covered • http://msportals.io/ • https://cmd.ms/
Can I get detailed checklist ? • https://www.altaro.com/ebook/m365-security-checklist.php • https://pages.egnyte.com/rs/038-PTQ-391/images/White-paper-MS365-
Security_Control_Checklist.pdf • https://medium.com/falconforce/reducing-your-office365-attack- surface-1073a4d46a7b • https://medium.com/falconforce/reducing-your-office-365-attack- surface-99830a654d0
Automated Solutions • https://github.com/cisagov/ScubaGear • https://github.com/soteria-security/365Inspect
How can we learn or Playground for M365
None
SiteGround - Reliable hosting with speed, security, and support you can count on.
c0d3xpl0it
.jpeg){kind=avatar}
sontixyou
yokomachi
shirayanagiryuji
bengo4com
lycorptech_jp
kameitomohiro
fatsushi
fujidomoe
nagix
yudai00
puku0x
masuda220
427marketing
eileencodes
tamaranovitovic
katarinadahlin
destraynor
sugarenia
quramy
holman
wjessup
rkendrick25
akihiro_kokubo
nikkihalliwell
