Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
M365 Security Review
Search
Pralhad Chaskar
November 26, 2022
Technology
0
390
M365 Security Review
Presented at null Dubai Meet 26 Nov 2022 Monthly Meet
Pralhad Chaskar
November 26, 2022
Tweet
Share
More Decks by Pralhad Chaskar
See All by Pralhad Chaskar
RDP Hijacking
c0d3xpl0it
0
440
AWS IAM Privilege Escalation Methods
c0d3xpl0it
0
250
Pwning O365 Infrastructure
c0d3xpl0it
0
600
AWS Security Assessment
c0d3xpl0it
0
1.4k
Bloodhound 2.0
c0d3xpl0it
0
190
Auditing ACLs on Active Directory
c0d3xpl0it
0
180
Adversay Emulation using Caldera
c0d3xpl0it
1
160
GPO Vs Applocker Restrictions
c0d3xpl0it
0
670
Introduction Atomic Red Team Framework
c0d3xpl0it
0
360
Other Decks in Technology
See All in Technology
Why React!?? Next.jsそしてReactを改めてイチから選ぶ
ypresto
10
3.9k
Modern_Data_Stack最新動向クイズ_買収_AI_激動の2025年_.pdf
sagara
0
150
いまさら聞けない ABテスト入門
skmr2348
1
170
AIが書いたコードをAIが検証する!自律的なモバイルアプリ開発の実現
henteko
1
240
AI×Data×SaaS×Operation
sansantech
PRO
0
110
Goに育てられ開発者向けセキュリティ事業を立ち上げた僕が今向き合う、AI × セキュリティの最前線 / Go Conference 2025
flatt_security
0
310
GopherCon Tour 概略
logica0419
2
160
AI時代だからこそ考える、僕らが本当につくりたいスクラムチーム / A Scrum Team we really want to create in this AI era
takaking22
4
1.6k
Function calling機能をPLaMo2に実装するには / PFN LLMセミナー
pfn
PRO
0
780
組織観点からIAM Identity CenterとIAMの設計を考える
nrinetcom
PRO
1
130
SoccerNet GSRの紹介と技術応用:選手視点映像を提供するサッカー作戦盤ツール
mixi_engineers
PRO
1
130
PLaMo2シリーズのvLLM実装 / PFN LLM セミナー
pfn
PRO
2
870
Featured
See All Featured
jQuery: Nuts, Bolts and Bling
dougneiner
64
7.9k
4 Signs Your Business is Dying
shpigford
185
22k
Put a Button on it: Removing Barriers to Going Fast.
kastner
60
4k
The Invisible Side of Design
smashingmag
301
51k
Done Done
chrislema
185
16k
XXLCSS - How to scale CSS and keep your sanity
sugarenia
248
1.3M
Large-scale JavaScript Application Architecture
addyosmani
513
110k
A better future with KSS
kneath
239
17k
Into the Great Unknown - MozCon
thekraken
40
2.1k
I Don’t Have Time: Getting Over the Fear to Launch Your Podcast
jcasabona
33
2.4k
Exploring the Power of Turbo Streams & Action Cable | RailsConf2023
kevinliebholz
34
6.1k
Evolution of real-time – Irina Nazarova, EuRuKo, 2024
irinanazarova
8
950
Transcript
M365 Security Review
# whoami • Pralhad Chaskar • Security Consultant with Help
AG • One of Null Dubai Chapter Lead • @c0d3xpl0it
# Agenda • What is M365 ? • Why we
need to audit M365 ? • What permissions needed to perform M365 audit ? • Checks to be performed • References • Q n A
What is M365 ?
Why we need to audit M365 ?
Permissions to perform Security Audit
Restrict Access to Azure Portal
Conditional Access Policy
Tenant Creation
Disable LinkedIn account connection
User App Registration
Sample Malicious App
Keep User Signed In
External Identities Collaboration settings
Sharepoint External Sharing
Sharepoint Sign-out users on inactivity
Disable External Sharing
Disable External Sharing
Disable External Sharing
Disable Third-Party Apps Access
Legacy Authentication in Use
Notification on Password Reset (for admins)
Custom Banned Passwords not used
MFA Status Disabled - The user is marked Disabled when
he has not been enrolled for MFA. Enabled - The user is marked Enabled when he has been enrolled in MFA but has not completed the registration process. Enforced - The user is marked Enforced when he has completed the MFA registration process.
Enabled Domain Users/Guest with MFA Status
MFA Status for Privileged Users
Disable SMS/Call to Phone 2FA
Disable unused Apps
Teams Permissions
Teams Sharing
MFA for joining devices
Company Branding on Sign-in Page
Enable Security Defaults
Identity Secure Score
Important URLs for Audit • https://portal.azure.com/ • https://portal.office.com/adminportal/home • https://security.microsoft.com/
• https://admin.microsoft.com/Adminportal/ Home#/homepage • https://admin.exchange.microsoft.com/#/ • https://outlook.office.com/ecp/ • https://admin.teams.microsoft.com/ • https://xxxxx-admin.sharepoint.com/
Elon got you covered • http://msportals.io/ • https://cmd.ms/
Can I get detailed checklist ? • https://www.altaro.com/ebook/m365-security-checklist.php • https://pages.egnyte.com/rs/038-PTQ-391/images/White-paper-MS365-
Security_Control_Checklist.pdf • https://medium.com/falconforce/reducing-your-office365-attack- surface-1073a4d46a7b • https://medium.com/falconforce/reducing-your-office-365-attack- surface-99830a654d0
Automated Solutions • https://github.com/cisagov/ScubaGear • https://github.com/soteria-security/365Inspect
How can we learn or Playground for M365
None