M365 Security Review
Presented at the null Dubai Monthly Meet, 26 Nov 2022
Pralhad Chaskar
November 26, 2022
Transcript
M365 Security Review
# whoami
• Pralhad Chaskar
• Security Consultant with Help AG
• One of the Null Dubai Chapter Leads
• @c0d3xpl0it
# Agenda
• What is M365?
• Why do we need to audit M365?
• What permissions are needed to perform an M365 audit?
• Checks to be performed
• References
• Q&A
What is M365?
Why do we need to audit M365?
Permissions to perform Security Audit
Restrict Access to Azure Portal
Conditional Access Policy
Tenant Creation
Disable LinkedIn account connection
User App Registration
Sample Malicious App
Keep User Signed In
External Identities Collaboration settings
SharePoint External Sharing
SharePoint Sign-out Users on Inactivity
Disable External Sharing
Disable Third-Party Apps Access
Legacy Authentication in Use
Notification on Password Reset (for admins)
Custom Banned Passwords not used
MFA Status (per-user MFA states)
• Disabled: per-user MFA has not been turned on for the user; this is the default state.
• Enabled: per-user MFA has been turned on for the user, but the user has not yet completed the registration process; registration is requested at the next sign-in.
• Enforced: the user has completed MFA registration and MFA is required at sign-in.
Enabled Domain Users/Guests with MFA Status
MFA Status for Privileged Users
Disable SMS/Call to Phone 2FA
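The three per-user MFA states above, the privileged-user check and the SMS/voice check are easiest to review together from one report. The script below is an added example, not part of the deck or of any tool it references. It reads users in the shape the MSOnline module's Get-MsolUser returns (StrongAuthenticationRequirements for the state, StrongAuthenticationMethods for the default method); the users, the tenant name contoso.example and the privileged-user list are constructed sample data so the script runs offline, and the comments show which cmdlets to substitute on a real tenant. One caveat that the state alone does not tell you: a user whose per-user state is Disabled may still be required to do MFA by Conditional Access or by Security Defaults, so treat "Disabled" as "not enforced by per-user MFA", not as "never prompted".

```powershell
# Added example (not from the deck): classify per-user MFA state and flag the
# findings the MFA slides call for. For a real tenant replace the constructed
# sample data at the bottom with:
#   Connect-MsolService
#   $users = Get-MsolUser -All
#   $role  = Get-MsolRole -RoleName 'Company Administrator'   # Global Administrator
#   $privilegedUpns = (Get-MsolRoleMember -RoleObjectId $role.ObjectId).EmailAddress
# MSOnline is deprecated in favour of Microsoft Graph PowerShell, but the
# Disabled/Enabled/Enforced states are a per-user MFA concept that MSOnline
# exposes directly, which is why it is assumed here.

function Get-PerUserMfaState {
    param([Parameter(Mandatory)] $User)
    # StrongAuthenticationRequirements is empty when per-user MFA is Disabled;
    # otherwise its State is 'Enabled' (registration pending) or 'Enforced'.
    $req = @($User.StrongAuthenticationRequirements)
    if ($req.Count -eq 0 -or -not $req[0].State) { return 'Disabled' }
    return $req[0].State
}

function Get-DefaultMfaMethod {
    param([Parameter(Mandatory)] $User)
    # Returns the MethodType flagged IsDefault, or $null if nothing is registered.
    $default = @(@($User.StrongAuthenticationMethods) | Where-Object { $_.IsDefault })
    if ($default.Count -gt 0) { return $default[0].MethodType }
    return $null
}

function Get-MfaAuditReport {
    param(
        [Parameter(Mandatory)] $Users,
        [string[]] $PrivilegedUpns = @()
    )
    # Methods that depend on the phone network are the ones the
    # "Disable SMS/Call to Phone 2FA" check is about.
    $phoneMethods = @('OneWaySMS', 'TwoWayVoiceMobile', 'TwoWayVoiceOffice')

    foreach ($u in $Users) {
        $state    = Get-PerUserMfaState -User $u
        $method   = Get-DefaultMfaMethod -User $u
        $isAdmin  = $PrivilegedUpns -contains $u.UserPrincipalName
        $findings = @()
        if ($state -ne 'Enforced')              { $findings += "per-user MFA $state" }
        if ($isAdmin -and $state -ne 'Enforced') { $findings += 'PRIVILEGED user without enforced MFA' }
        if ($method -and $phoneMethods -contains $method) { $findings += "weak default method $method" }

        [pscustomobject]@{
            UserPrincipalName = $u.UserPrincipalName
            UserType          = $u.UserType        # 'Member' or 'Guest'
            Privileged        = $isAdmin
            MfaState          = $state
            DefaultMethod     = $method
            Findings          = ($findings -join '; ')
        }
    }
}

# Constructed sample data in the shape Get-MsolUser returns (hypothetical tenant).
$users = @(
    [pscustomobject]@{ UserPrincipalName = 'alice@contoso.example'; UserType = 'Member'
        StrongAuthenticationRequirements = @([pscustomobject]@{ State = 'Enforced' })
        StrongAuthenticationMethods      = @([pscustomobject]@{ IsDefault = $true; MethodType = 'PhoneAppNotification' }) }
    [pscustomobject]@{ UserPrincipalName = 'bob@contoso.example'; UserType = 'Member'
        StrongAuthenticationRequirements = @([pscustomobject]@{ State = 'Enabled' })
        StrongAuthenticationMethods      = @() }
    [pscustomobject]@{ UserPrincipalName = 'admin@contoso.example'; UserType = 'Member'
        StrongAuthenticationRequirements = @()
        StrongAuthenticationMethods      = @() }
    [pscustomobject]@{ UserPrincipalName = 'carol_partner.example#EXT#@contoso.example'; UserType = 'Guest'
        StrongAuthenticationRequirements = @([pscustomobject]@{ State = 'Enforced' })
        StrongAuthenticationMethods      = @([pscustomobject]@{ IsDefault = $true; MethodType = 'OneWaySMS' }) }
)
$privilegedUpns = @('admin@contoso.example')   # constructed; see Get-MsolRoleMember above

Get-MfaAuditReport -Users $users -PrivilegedUpns $privilegedUpns |
    Where-Object { $_.Findings } |
    Format-Table -AutoSize
```

On the sample data the report lists bob (Enabled, registration not completed), admin (Disabled and privileged) and the guest carol (Enforced but defaulting to SMS); alice produces no finding. Pipe the report to Export-Csv instead of Format-Table to keep evidence for the audit file, and run the privileged-user lookup for every admin role you care about, not only Global Administrator.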
Disable unused Apps
Teams Permissions
Teams Sharing
MFA for joining devices
Company Branding on Sign-in Page
Enable Security Defaults
Identity Secure Score
Important URLs for Audit
• https://portal.azure.com/
• https://portal.office.com/adminportal/home
• https://security.microsoft.com/
• https://admin.microsoft.com/Adminportal/Home#/homepage
• https://admin.exchange.microsoft.com/#/
• https://outlook.office.com/ecp/
• https://admin.teams.microsoft.com/
• https://xxxxx-admin.sharepoint.com/
Elon got you covered
• http://msportals.io/
• https://cmd.ms/
Can I get a detailed checklist?
• https://www.altaro.com/ebook/m365-security-checklist.php
• https://pages.egnyte.com/rs/038-PTQ-391/images/White-paper-MS365-Security_Control_Checklist.pdf
• https://medium.com/falconforce/reducing-your-office365-attack-surface-1073a4d46a7b
• https://medium.com/falconforce/reducing-your-office-365-attack-surface-99830a654d0
Automated Solutions
• https://github.com/cisagov/ScubaGear
• https://github.com/soteria-security/365Inspect
How can we learn? A playground for M365