1.16 Ensure that 'Restrict user ability to access groups features in the Access Pane' is set to 'No'

Information

Restrict group creation to administrators only.

Rationale:

Self-service group management enables users to create and manage security groups or Office 365 groups in Azure Active Directory (Azure AD). Unless a business requires this day-to-day delegation for some users, self-service group management should be disabled.

Impact:

Enabling this setting could create a number of request that would need to me managed by administrators.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

From Azure Console

Go to Azure Active Directory

Go to Groups

Go to General in setting

Ensure that Restrict user ability to access groups features in the Access Pane is set to No

Default Value:

By default, Restrict user ability to access groups features in the Access Pane is set to No.

See Also

https://workbench.cisecurity.org/files/3459

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-2, CSCv7|16

Plugin: microsoft_azure

Control ID: 6a9cb80d97bfbe2108343d42a22854b42a9bc255f0a4c11cb455273f5f92a41a