Upgrade to Pro — share decks privately, control downloads, hide ads and more …

M365 Security Review

Pralhad Chaskar
November 26, 2022
Technology
0
340

M365 Security Review

Presented at null Dubai Meet 26 Nov 2022 Monthly Meet

Pralhad Chaskar

November 26, 2022
Tweet

More Decks by Pralhad Chaskar

See All by Pralhad Chaskar
RDP Hijacking
c0d3xpl0it
0
410
AWS IAM Privilege Escalation Methods
c0d3xpl0it
0
240
Pwning O365 Infrastructure
c0d3xpl0it
0
580
AWS Security Assessment
c0d3xpl0it
0
1.3k
Bloodhound 2.0
c0d3xpl0it
0
170
Auditing ACLs on Active Directory
c0d3xpl0it
0
170
Adversay Emulation using Caldera
c0d3xpl0it
1
140
GPO Vs Applocker Restrictions
c0d3xpl0it
0
650
Introduction Atomic Red Team Framework
c0d3xpl0it
0
340

Other Decks in Technology

See All in Technology
SDカードフォレンジック
su3158
0
240
さくらの夕べ Debianナイト - さくらのVPS編
dictoss
0
180
DETR手法の変遷と最新動向(CVPR2025)
tenten0727
2
1.1k
Ops-JAWS_Organizations小ネタ3選.pdf
chunkof
2
120
All You Need Is Kusa 〜Slackデータで始めるデータドリブン〜
jonnojun
0
140
古き良き Laravel のシステムは関数型スタイルでリファクタできるのか
leveragestech
1
640
AIと開発者の共創: エージェント時代におけるAIフレンドリーなDevOpsの実践
bicstone
1
250
試験は暗記より理解 〜効果的な試験勉強とその後への活かし方〜
fukazawashun
0
340
20250413_湘南kaggler会_音声認識で使うのってメルス・・・なんだっけ?
sugupoko
1
390
Vision Pro X Text to 3D Model ~How Swift and Generative Al Unlock a New Era of Spatial Computing~
igaryo0506
0
260
Lakeflow Connectのご紹介
databricksjapan
0
100
Рекомендации с нуля: как мы в Lamoda превратили главную страницу в ключевую точку входа для персонализированного шоппинга. Данил Комаров, Data Scientist, Lamoda Tech
lamodatech
0
330

Featured

See All Featured
Scaling GitHub
holman
459
140k
Distributed Sagas: A Protocol for Coordinating Microservices
caitiem20
331
21k
The MySQL Ecosystem @ GitHub 2015
samlambert
251
12k
Designing for Performance
lara
607
69k
Being A Developer After 40
akosma
91
590k
JavaScript: Past, Present, and Future - NDC Porto 2020
reverentgeek
47
5.3k
How to Ace a Technical Interview
jacobian
276
23k
[RailsConf 2023 Opening Keynote] The Magic of Rails
eileencodes
29
9.4k
Site-Speed That Sticks
csswizardry
5
480
Practical Tips for Bootstrapping Information Extraction Pipelines
honnibal
PRO
19
1.1k
Fight the Zombie Pattern Library - RWD Summit 2016
marcelosomers
233
17k
Keith and Marios Guide to Fast Websites
keithpitt
411
22k

Transcript

  1. M365 Security Review

  2. # whoami • Pralhad Chaskar • Security Consultant with Help

    AG • One of Null Dubai Chapter Lead • @c0d3xpl0it

  3. # Agenda • What is M365 ? • Why we

    need to audit M365 ? • What permissions needed to perform M365 audit ? • Checks to be performed • References • Q n A

  4. What is M365 ?

  5. Why we need to audit M365 ?

  6. Permissions to perform Security Audit

  7. Restrict Access to Azure Portal

  8. Conditional Access Policy

  9. Tenant Creation

  10. Disable LinkedIn account connection

  11. User App Registration

  12. Sample Malicious App

  13. Keep User Signed In

  14. External Identities Collaboration settings

  15. Sharepoint External Sharing

  16. Sharepoint Sign-out users on inactivity

  17. Disable External Sharing

  18. Disable External Sharing

  19. Disable External Sharing

  20. Disable Third-Party Apps Access

  21. Legacy Authentication in Use

  22. Notification on Password Reset (for admins)

  23. Custom Banned Passwords not used

  24. MFA Status Disabled - The user is marked Disabled when

    he has not been enrolled for MFA. Enabled - The user is marked Enabled when he has been enrolled in MFA but has not completed the registration process. Enforced - The user is marked Enforced when he has completed the MFA registration process.

  25. Enabled Domain Users/Guest with MFA Status

  26. MFA Status for Privileged Users

  27. Disable SMS/Call to Phone 2FA

  28. Disable unused Apps

  29. Teams Permissions

  30. Teams Sharing

  31. MFA for joining devices

  32. Company Branding on Sign-in Page

  33. Enable Security Defaults

  34. Identity Secure Score

  35. Important URLs for Audit • https://portal.azure.com/ • https://portal.office.com/adminportal/home • https://security.microsoft.com/

    • https://admin.microsoft.com/Adminportal/ Home#/homepage • https://admin.exchange.microsoft.com/#/ • https://outlook.office.com/ecp/ • https://admin.teams.microsoft.com/ • https://xxxxx-admin.sharepoint.com/

  36. Elon got you covered • http://msportals.io/ • https://cmd.ms/

  37. Can I get detailed checklist ? • https://www.altaro.com/ebook/m365-security-checklist.php • https://pages.egnyte.com/rs/038-PTQ-391/images/White-paper-MS365-

    Security_Control_Checklist.pdf • https://medium.com/falconforce/reducing-your-office365-attack- surface-1073a4d46a7b • https://medium.com/falconforce/reducing-your-office-365-attack- surface-99830a654d0

  38. Automated Solutions • https://github.com/cisagov/ScubaGear • https://github.com/soteria-security/365Inspect

  39. How can we learn or Playground for M365

  40. None