1.18 Ensure that 'Owners can manage group membership requests in the Access Panel' is set to 'No'

Information

Restrict security group management to administrators only.

Rationale:

Restricting security group management to administrators only prohibits users from making changes to security groups. This ensures that security groups are appropriately managed and their management is not delegated to non-administrators.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

From Azure Console

Go to Azure Active Directory

Go to Groups

Go to General in settings

Set Owners can manage group membership requests in the Access Panel' to No'

Default Value:

By default, Owners can manage group membership requests in the Access Panel is set to No.

See Also

https://workbench.cisecurity.org/files/3459

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-2, CSCv7|16

Plugin: microsoft_azure

Control ID: 50c1fd95569311fe34344829e03bbf8d35e823341caa9e75201e4cb31363f3bd