M365 Security Review
Pralhad Chaskar
November 26, 2022
Technology
M365 Security Review
Presented at null Dubai Meet 26 Nov 2022 Monthly Meet
Transcript
M365 Security Review
# whoami
• Pralhad Chaskar
• Security Consultant with Help AG
• One of the Null Dubai Chapter Leads
• @c0d3xpl0it
# Agenda
• What is M365?
• Why do we need to audit M365?
• What permissions are needed to perform an M365 audit?
• Checks to be performed
• References
• Q n A
What is M365?
Why do we need to audit M365?
Permissions to perform Security Audit
Restrict Access to Azure Portal
Conditional Access Policy
Tenant Creation
Disable LinkedIn account connection
User App Registration
Sample Malicious App
Keep User Signed In
External Identities Collaboration settings
Sharepoint External Sharing
Sharepoint Sign-out users on inactivity
Disable External Sharing
Disable External Sharing
Disable External Sharing
Disable Third-Party Apps Access
Legacy Authentication in Use
Notification on Password Reset (for admins)
Custom Banned Passwords not used
MFA Status
• Disabled - The user is marked Disabled when they have not been enrolled for MFA.
• Enabled - The user is marked Enabled when they have been enrolled in MFA but have not completed the registration process.
• Enforced - The user is marked Enforced when they have completed the MFA registration process.
Enabled Domain Users/Guests with MFA Status
MFA Status for Privileged Users
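The three per-user MFA states above map directly onto the `StrongAuthenticationRequirements` property exposed by the MSOnline module, which makes the "MFA status for privileged users" check scriptable. The following is an added example for this review, not code from the deck; it assumes the MSOnline module is installed and that `Connect-MsolService` is run with an account allowed to read users and directory roles.

```powershell
# Added example: report per-user MFA state for every member of a privileged
# directory role, using the MSOnline module (assumed installed and connected).
Import-Module MSOnline
Connect-MsolService

function Get-MfaState {
    param([Parameter(Mandatory)] $User)
    # StrongAuthenticationRequirements is empty when the user was never enrolled
    # (Disabled); otherwise State is 'Enabled' (registration pending) or
    # 'Enforced' (registration completed), matching the three states on the slide.
    $req = $User.StrongAuthenticationRequirements | Select-Object -First 1
    if ($null -eq $req) { return 'Disabled' }
    return $req.State
}

$report = foreach ($role in Get-MsolRole) {
    foreach ($member in Get-MsolRoleMember -RoleObjectId $role.ObjectId -All) {
        # Groups and service principals have no per-user MFA state; skip them.
        if ($member.RoleMemberType -ne 'User') { continue }
        $u = Get-MsolUser -ObjectId $member.ObjectId
        [pscustomobject]@{
            Role              = $role.Name
            UserPrincipalName = $u.UserPrincipalName
            MfaStatus         = Get-MfaState $u
        }
    }
}

# Anything below 'Enforced' on a privileged account is a finding for the audit.
$report | Where-Object { $_.MfaStatus -ne 'Enforced' } |
    Sort-Object Role, UserPrincipalName | Format-Table -AutoSize
```

Tenants that enforce MFA through Conditional Access rather than per-user settings will show 'Disabled' here even when MFA is required at sign-in, so read this report alongside the Conditional Access policy check.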
Disable SMS/Call to Phone 2FA
Disable unused Apps
Teams Permissions
Teams Sharing
MFA for joining devices
Company Branding on Sign-in Page
Enable Security Defaults
Identity Secure Score
Important URLs for Audit
• https://portal.azure.com/
• https://portal.office.com/adminportal/home
• https://security.microsoft.com/
• https://admin.microsoft.com/Adminportal/Home#/homepage
• https://admin.exchange.microsoft.com/#/
• https://outlook.office.com/ecp/
• https://admin.teams.microsoft.com/
• https://xxxxx-admin.sharepoint.com/
Elon got you covered
• http://msportals.io/
• https://cmd.ms/
Can I get a detailed checklist?
• https://www.altaro.com/ebook/m365-security-checklist.php
• https://pages.egnyte.com/rs/038-PTQ-391/images/White-paper-MS365-Security_Control_Checklist.pdf
• https://medium.com/falconforce/reducing-your-office365-attack-surface-1073a4d46a7b
• https://medium.com/falconforce/reducing-your-office-365-attack-surface-99830a654d0
Automated Solutions
• https://github.com/cisagov/ScubaGear
• https://github.com/soteria-security/365Inspect
How can we learn, or find a playground, for M365?