Upgrade to Pro — share decks privately, control downloads, hide ads and more …

M365 Security Review

Avatar for Pralhad Chaskar Pralhad Chaskar
November 26, 2022
Technology
0
390

M365 Security Review

Presented at null Dubai Meet 26 Nov 2022 Monthly Meet

Avatar for Pralhad Chaskar

Pralhad Chaskar

November 26, 2022
Tweet

More Decks by Pralhad Chaskar

See All by Pralhad Chaskar
RDP Hijacking
Avatar for Pralhad Chaskar c0d3xpl0it
0
440
AWS IAM Privilege Escalation Methods
Avatar for Pralhad Chaskar c0d3xpl0it
0
250
Pwning O365 Infrastructure
Avatar for Pralhad Chaskar c0d3xpl0it
0
600
AWS Security Assessment
Avatar for Pralhad Chaskar c0d3xpl0it
0
1.4k
Bloodhound 2.0
Avatar for Pralhad Chaskar c0d3xpl0it
0
190
Auditing ACLs on Active Directory
Avatar for Pralhad Chaskar c0d3xpl0it
0
180
Adversay Emulation using Caldera
Avatar for Pralhad Chaskar c0d3xpl0it
1
160
GPO Vs Applocker Restrictions
Avatar for Pralhad Chaskar c0d3xpl0it
0
670
Introduction Atomic Red Team Framework
Avatar for Pralhad Chaskar c0d3xpl0it
0
360

Other Decks in Technology

See All in Technology
Why React!?? Next.jsそしてReactを改めてイチから選ぶ
Avatar for ypresto ypresto
10
3.9k
Modern_Data_Stack最新動向クイズ_買収_AI_激動の2025年_.pdf
Avatar for Sagara sagara
0
150
いまさら聞けない ABテスト入門
Avatar for 木村彩恵(skmr2348) skmr2348
1
170
AIが書いたコードをAIが検証する!自律的なモバイルアプリ開発の実現
Avatar for henteko henteko
1
240
AI×Data×SaaS×Operation
Avatar for SansanTech sansantech
PRO
0
110
Goに育てられ開発者向けセキュリティ事業を立ち上げた僕が今向き合う、AI × セキュリティの最前線 / Go Conference 2025
Avatar for GMO Flatt Security flatt_security
0
310
GopherCon Tour 概略
Avatar for Takuto Nagami logica0419
2
160
AI時代だからこそ考える、僕らが本当につくりたいスクラムチーム / A Scrum Team we really want to create in this AI era
Avatar for TAKAKING22 takaking22
4
1.6k
Function calling機能をPLaMo2に実装するには / PFN LLMセミナー
Avatar for Preferred Networks pfn
PRO
0
780
組織観点から IAM Identity CenterとIAMの設計を考える
Avatar for NRI Netcom nrinetcom
PRO
1
130
SoccerNet GSRの紹介と技術応用:選手視点映像を提供するサッカー作戦盤ツール
Avatar for MIXI ENGINEERS mixi_engineers
PRO
1
130
PLaMo2シリーズのvLLM実装 / PFN LLM セミナー
Avatar for Preferred Networks pfn
PRO
2
870

Featured

See All Featured
jQuery: Nuts, Bolts and Bling
Avatar for Doug Neiner dougneiner
64
7.9k
4 Signs Your Business is Dying
Avatar for Josh Pigford shpigford
185
22k
Put a Button on it: Removing Barriers to Going Fast.
Avatar for kastner kastner
60
4k
The Invisible Side of Design
Avatar for Vitaly Friedman smashingmag
301
51k
Done Done
Avatar for chrislema chrislema
185
16k
XXLCSS - How to scale CSS and keep your sanity
Avatar for Zaharenia Atzitzikaki sugarenia
248
1.3M
Large-scale JavaScript Application Architecture
Avatar for Addy Osmani addyosmani
513
110k
A better future with KSS
Avatar for Kyle Neath kneath
239
17k
Into the Great Unknown - MozCon
Avatar for Noah Learner thekraken
40
2.1k
I Don’t Have Time: Getting Over the Fear to Launch Your Podcast
Avatar for Joe Casabona jcasabona
33
2.4k
Exploring the Power of Turbo Streams & Action Cable | RailsConf2023
Avatar for Kevin Liebholz kevinliebholz
34
6.1k
Evolution of real-time – Irina Nazarova, EuRuKo, 2024
Avatar for Irina Nazarova irinanazarova
8
950

Transcript

  1. M365 Security Review

  2. # whoami • Pralhad Chaskar • Security Consultant with Help

    AG • One of Null Dubai Chapter Lead • @c0d3xpl0it

  3. # Agenda • What is M365 ? • Why we

    need to audit M365 ? • What permissions needed to perform M365 audit ? • Checks to be performed • References • Q n A

  4. What is M365 ?

  5. Why we need to audit M365 ?

  6. Permissions to perform Security Audit

  7. Restrict Access to Azure Portal

  8. Conditional Access Policy

  9. Tenant Creation

  10. Disable LinkedIn account connection

  11. User App Registration

  12. Sample Malicious App

  13. Keep User Signed In

  14. External Identities Collaboration settings

  15. Sharepoint External Sharing

  16. Sharepoint Sign-out users on inactivity

  17. Disable External Sharing

  18. Disable External Sharing

  19. Disable External Sharing

  20. Disable Third-Party Apps Access

  21. Legacy Authentication in Use

  22. Notification on Password Reset (for admins)

  23. Custom Banned Passwords not used

  24. MFA Status Disabled - The user is marked Disabled when

    he has not been enrolled for MFA. Enabled - The user is marked Enabled when he has been enrolled in MFA but has not completed the registration process. Enforced - The user is marked Enforced when he has completed the MFA registration process.

  25. Enabled Domain Users/Guest with MFA Status

  26. MFA Status for Privileged Users

  27. Disable SMS/Call to Phone 2FA

  28. Disable unused Apps

  29. Teams Permissions

  30. Teams Sharing

  31. MFA for joining devices

  32. Company Branding on Sign-in Page

  33. Enable Security Defaults

  34. Identity Secure Score

  35. Important URLs for Audit • https://portal.azure.com/ • https://portal.office.com/adminportal/home • https://security.microsoft.com/

    • https://admin.microsoft.com/Adminportal/ Home#/homepage • https://admin.exchange.microsoft.com/#/ • https://outlook.office.com/ecp/ • https://admin.teams.microsoft.com/ • https://xxxxx-admin.sharepoint.com/

  36. Elon got you covered • http://msportals.io/ • https://cmd.ms/

  37. Can I get detailed checklist ? • https://www.altaro.com/ebook/m365-security-checklist.php • https://pages.egnyte.com/rs/038-PTQ-391/images/White-paper-MS365-

    Security_Control_Checklist.pdf • https://medium.com/falconforce/reducing-your-office365-attack- surface-1073a4d46a7b • https://medium.com/falconforce/reducing-your-office-365-attack- surface-99830a654d0

  38. Automated Solutions • https://github.com/cisagov/ScubaGear • https://github.com/soteria-security/365Inspect

  39. How can we learn or Playground for M365

  40. None