1.17 Ensure that 'Users can create security groups in Azure Portals' is set to 'No'

Information

Restrict security group creation to administrators only.

Rationale:

When creating security groups is enabled, all users in the directory are allowed to create new security groups and add members to those groups. Unless a business requires this day-to-day delegation, security group creation should be restricted to administrators only.

Impact:

Enabling this setting could create a number of requests that would need to be managed by an administrator.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

From Azure Console

1. Go to Azure Active Directory
2. Go to Groups
3. Go to General in Settings
4. Set 'Users can create security groups in Azure Portals' to 'No'



Default Value:

By default, 'Users can create security groups' is set to 'Yes'.

See Also

https://workbench.cisecurity.org/files/3459

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-2, CSCv7|16

Plugin: microsoft_azure

Control ID: fb2045b9315b3df4765d3546fcb4d1a500dfde0d56d9c98ded72334721a72004