Upgrade to Pro — share decks privately, control downloads, hide ads and more …

M365 Security Review

Avatar for Pralhad Chaskar Pralhad Chaskar
November 26, 2022
Technology
0
380

M365 Security Review

Presented at null Dubai Meet 26 Nov 2022 Monthly Meet

Avatar for Pralhad Chaskar

Pralhad Chaskar

November 26, 2022
Tweet

More Decks by Pralhad Chaskar

See All by Pralhad Chaskar
RDP Hijacking
Avatar for Pralhad Chaskar c0d3xpl0it
0
430
AWS IAM Privilege Escalation Methods
Avatar for Pralhad Chaskar c0d3xpl0it
0
250
Pwning O365 Infrastructure
Avatar for Pralhad Chaskar c0d3xpl0it
0
590
AWS Security Assessment
Avatar for Pralhad Chaskar c0d3xpl0it
0
1.4k
Bloodhound 2.0
Avatar for Pralhad Chaskar c0d3xpl0it
0
190
Auditing ACLs on Active Directory
Avatar for Pralhad Chaskar c0d3xpl0it
0
180
Adversay Emulation using Caldera
Avatar for Pralhad Chaskar c0d3xpl0it
1
160
GPO Vs Applocker Restrictions
Avatar for Pralhad Chaskar c0d3xpl0it
0
670
Introduction Atomic Red Team Framework
Avatar for Pralhad Chaskar c0d3xpl0it
0
360

Other Decks in Technology

See All in Technology
プロダクトエンジニアリングで開発の楽しさを拡張する話
Avatar for sagawa / barometrica barometrica
0
210
[OCI Technical Deep Dive] OracleのAI戦略(2025年8月5日開催)
Avatar for oracle4engineer oracle4engineer
PRO
1
250
AIは変更差分からユニットテスト_結合テスト_システムテストでテストすべきことが出せるのか?
Avatar for Matsu mineo_matsuya
5
2.6k
JAWS-UG のイベントで使うハンズオンシナリオを Amazon Q Developer for CLI で作ってみた話
Avatar for kazzpapa3 kazzpapa3
0
120
Amazon Q と『音楽』-ゲーム音楽もAmazonQで作成してみた感想-
Avatar for いのうえ senseofunity129
0
170
Infrastructure as Prompt実装記 〜Bedrock AgentCoreで作る自然言語インフラエージェント〜
Avatar for Yusuke Shimizu yusukeshimizu
1
160
生成AIによるデータサイエンスの変革
Avatar for Takaaki Yayoi taka_aki
0
3.1k
MySQL HeatWave:サービス概要のご紹介
Avatar for oracle4engineer oracle4engineer
PRO
3
1.6k
サービスロボット最前線:ugoが挑むPhysical AI活用
Avatar for Ken Matsui kmatsuiugo
0
140
マルチプロダクト×マルチテナントを支えるモジュラモノリスを中心としたアソビューのアーキテクチャ
Avatar for disc99 disc99
1
660
PFEM Online Feature Flag @ newmo
Avatar for tobi shinyaishitobi
1
150
20250818_KGX・One Hokkaidoコラボイベント
Avatar for tohge05 tohgeyukihiro
0
110

Featured

See All Featured
KATA
Avatar for Megan Lloyd mclloyd
32
14k
Building a Scalable Design System with Sketch
Avatar for Laura Van Doore lauravandoore
462
33k
個人開発の失敗を避けるイケてる考え方 / tips for indie hackers
Avatar for panda_program panda_program
110
20k
GitHub's CSS Performance
Avatar for Jon Rohan jonrohan
1031
460k
Testing 201, or: Great Expectations
Avatar for Joseph Mastey jmmastey
45
7.6k
Side Projects
Avatar for Sacha Greif sachag
455
43k
Easily Structure & Communicate Ideas using Wireframe
Avatar for Afnizar Nur Ghifari afnizarnur
194
16k
Fashionably flexible responsive web design (full day workshop)
Avatar for Andy Clarke malarkey
407
66k
Automating Front-end Workflow
Avatar for Addy Osmani addyosmani
1370
200k
Measuring & Analyzing Core Web Vitals
Avatar for Philip Tellis bluesmoon
8
560
Optimizing for Happiness
Avatar for Tom Preston-Werner mojombo
379
70k
How to Think Like a Performance Engineer
Avatar for Harry Roberts csswizardry
25
1.8k

Transcript

  1. M365 Security Review

  2. # whoami • Pralhad Chaskar • Security Consultant with Help

    AG • One of Null Dubai Chapter Lead • @c0d3xpl0it

  3. # Agenda • What is M365 ? • Why we

    need to audit M365 ? • What permissions needed to perform M365 audit ? • Checks to be performed • References • Q n A

  4. What is M365 ?

  5. Why we need to audit M365 ?

  6. Permissions to perform Security Audit

  7. Restrict Access to Azure Portal

  8. Conditional Access Policy

  9. Tenant Creation

  10. Disable LinkedIn account connection

  11. User App Registration

  12. Sample Malicious App

  13. Keep User Signed In

  14. External Identities Collaboration settings

  15. Sharepoint External Sharing

  16. Sharepoint Sign-out users on inactivity

  17. Disable External Sharing

  18. Disable External Sharing

  19. Disable External Sharing

  20. Disable Third-Party Apps Access

  21. Legacy Authentication in Use

  22. Notification on Password Reset (for admins)

  23. Custom Banned Passwords not used

  24. MFA Status Disabled - The user is marked Disabled when

    he has not been enrolled for MFA. Enabled - The user is marked Enabled when he has been enrolled in MFA but has not completed the registration process. Enforced - The user is marked Enforced when he has completed the MFA registration process.

  25. Enabled Domain Users/Guest with MFA Status

  26. MFA Status for Privileged Users

  27. Disable SMS/Call to Phone 2FA

  28. Disable unused Apps

  29. Teams Permissions

  30. Teams Sharing

  31. MFA for joining devices

  32. Company Branding on Sign-in Page

  33. Enable Security Defaults

  34. Identity Secure Score

  35. Important URLs for Audit • https://portal.azure.com/ • https://portal.office.com/adminportal/home • https://security.microsoft.com/

    • https://admin.microsoft.com/Adminportal/ Home#/homepage • https://admin.exchange.microsoft.com/#/ • https://outlook.office.com/ecp/ • https://admin.teams.microsoft.com/ • https://xxxxx-admin.sharepoint.com/

  36. Elon got you covered • http://msportals.io/ • https://cmd.ms/

  37. Can I get detailed checklist ? • https://www.altaro.com/ebook/m365-security-checklist.php • https://pages.egnyte.com/rs/038-PTQ-391/images/White-paper-MS365-

    Security_Control_Checklist.pdf • https://medium.com/falconforce/reducing-your-office365-attack- surface-1073a4d46a7b • https://medium.com/falconforce/reducing-your-office-365-attack- surface-99830a654d0

  38. Automated Solutions • https://github.com/cisagov/ScubaGear • https://github.com/soteria-security/365Inspect

  39. How can we learn or Playground for M365

  40. None