Upgrade to Pro — share decks privately, control downloads, hide ads and more …

M365 Security Review

Avatar for Pralhad Chaskar Pralhad Chaskar
November 26, 2022
Technology
0
390

M365 Security Review

Presented at null Dubai Meet 26 Nov 2022 Monthly Meet

Avatar for Pralhad Chaskar

Pralhad Chaskar

November 26, 2022
Tweet

More Decks by Pralhad Chaskar

See All by Pralhad Chaskar
RDP Hijacking
Avatar for Pralhad Chaskar c0d3xpl0it
0
440
AWS IAM Privilege Escalation Methods
Avatar for Pralhad Chaskar c0d3xpl0it
0
250
Pwning O365 Infrastructure
Avatar for Pralhad Chaskar c0d3xpl0it
0
600
AWS Security Assessment
Avatar for Pralhad Chaskar c0d3xpl0it
0
1.4k
Bloodhound 2.0
Avatar for Pralhad Chaskar c0d3xpl0it
0
190
Auditing ACLs on Active Directory
Avatar for Pralhad Chaskar c0d3xpl0it
0
190
Adversay Emulation using Caldera
Avatar for Pralhad Chaskar c0d3xpl0it
1
170
GPO Vs Applocker Restrictions
Avatar for Pralhad Chaskar c0d3xpl0it
0
680
Introduction Atomic Red Team Framework
Avatar for Pralhad Chaskar c0d3xpl0it
0
370

Other Decks in Technology

See All in Technology
Datadog On-Call と Cloud SIEM で作る SOC 基盤
Avatar for Yoshiki Kurihara kuriyosh
0
160
Pythonで構築する全国市町村ナレッジグラフ: GraphRAGを用いた意味的地域検索への応用
Avatar for negi111111 negi111111
8
3.4k
Dart and Flutter MCP serverで実現する AI駆動E2Eテスト整備と自動操作
Avatar for Yuki Sakai yukisakai1225
0
330
3年ぶりの re:Invent 今年の意気込みと前回の振り返り
Avatar for kazzpapa3 kazzpapa3
0
200
AWS資格は取ったけどIAMロールを腹落ちできてなかったので、年内に整理してみた
Avatar for Hiroto hiro_eng_
0
200
仕様は“書く”より“語る” - 分断を超えたチーム開発の実践 / 20251115 Naoki Takahashi
Avatar for SHIFT EVOLVE shift_evolve
PRO
1
370
バクラクの AI-BPO を支える AI エージェント 〜とそれを支える Bet AI Guild〜
Avatar for Tomoaki tomoaki25
2
570
フライトコントローラPX4の中身(制御器)を覗いてみた
Avatar for ざきまつ santana_hammer
1
140
AIでテストプロセスを自動化しよう251113.pdf
Avatar for K_SAK sakatakazunori
0
100
從裝潢設計圖到 Home Assistant:打造智慧家庭的實戰與踩坑筆記
Avatar for Kewang kewang
0
160
よくわからない人向けの IAM Identity Center とちょっとした落とし穴
Avatar for kazzpapa3 kazzpapa3
2
710
コミュニティと共に変化する 私とFusicの8年間
Avatar for MasayaYoshino ayasamind
0
450

Featured

See All Featured
Chrome DevTools: State of the Union 2024 - Debugging React & Beyond
Avatar for Addy Osmani addyosmani
9
970
Fight the Zombie Pattern Library - RWD Summit 2016
Avatar for Marcelo Somers marcelosomers
234
17k
The Myth of the Modular Monolith - Day 2 Keynote - Rails World 2024
Avatar for Eileen M. Uchitelle eileencodes
26
3.2k
Six Lessons from altMBA
Avatar for Skipper Chong Warson skipperchong
29
4.1k
GraphQLの誤解/rethinking-graphql
Avatar for sonatard sonatard
73
11k
What's in a price? How to price your products and services
Avatar for Michael Herold michaelherold
246
12k
Into the Great Unknown - MozCon
Avatar for Noah Learner thekraken
40
2.1k
実際に使うSQLの書き方 徹底解説 / pgcon21j-tutorial
Avatar for soudai sone soudai
PRO
192
56k
BBQ
Avatar for Matthew Crist matthewcrist
89
9.9k
Imperfection Machines: The Place of Print at Facebook
Avatar for Scott Boms scottboms
269
13k
GraphQLとの向き合い方2022年版
Avatar for Yosuke Kurami quramy
49
14k
The MySQL Ecosystem @ GitHub 2015
Avatar for Sam Lambert samlambert
251
13k

Transcript

  1. M365 Security Review

  2. # whoami • Pralhad Chaskar • Security Consultant with Help

    AG • One of Null Dubai Chapter Lead • @c0d3xpl0it

  3. # Agenda • What is M365 ? • Why we

    need to audit M365 ? • What permissions needed to perform M365 audit ? • Checks to be performed • References • Q n A

  4. What is M365 ?

  5. Why we need to audit M365 ?

  6. Permissions to perform Security Audit

  7. Restrict Access to Azure Portal

  8. Conditional Access Policy

  9. Tenant Creation

  10. Disable LinkedIn account connection

  11. User App Registration

  12. Sample Malicious App

  13. Keep User Signed In

  14. External Identities Collaboration settings

  15. Sharepoint External Sharing

  16. Sharepoint Sign-out users on inactivity

  17. Disable External Sharing

  18. Disable External Sharing

  19. Disable External Sharing

  20. Disable Third-Party Apps Access

  21. Legacy Authentication in Use

  22. Notification on Password Reset (for admins)

  23. Custom Banned Passwords not used

  24. MFA Status Disabled - The user is marked Disabled when

    he has not been enrolled for MFA. Enabled - The user is marked Enabled when he has been enrolled in MFA but has not completed the registration process. Enforced - The user is marked Enforced when he has completed the MFA registration process.

  25. Enabled Domain Users/Guest with MFA Status

  26. MFA Status for Privileged Users

  27. Disable SMS/Call to Phone 2FA

  28. Disable unused Apps

  29. Teams Permissions

  30. Teams Sharing

  31. MFA for joining devices

  32. Company Branding on Sign-in Page

  33. Enable Security Defaults

  34. Identity Secure Score

  35. Important URLs for Audit • https://portal.azure.com/ • https://portal.office.com/adminportal/home • https://security.microsoft.com/

    • https://admin.microsoft.com/Adminportal/ Home#/homepage • https://admin.exchange.microsoft.com/#/ • https://outlook.office.com/ecp/ • https://admin.teams.microsoft.com/ • https://xxxxx-admin.sharepoint.com/

  36. Elon got you covered • http://msportals.io/ • https://cmd.ms/

  37. Can I get detailed checklist ? • https://www.altaro.com/ebook/m365-security-checklist.php • https://pages.egnyte.com/rs/038-PTQ-391/images/White-paper-MS365-

    Security_Control_Checklist.pdf • https://medium.com/falconforce/reducing-your-office365-attack- surface-1073a4d46a7b • https://medium.com/falconforce/reducing-your-office-365-attack- surface-99830a654d0

  38. Automated Solutions • https://github.com/cisagov/ScubaGear • https://github.com/soteria-security/365Inspect

  39. How can we learn or Playground for M365

  40. None