1.19 Ensure that 'Users can create Microsoft 365 groups in Azure Portals' is set to 'No'

Information

Restrict Microsoft 365 group creation to administrators only.

Rationale:

Restricting Microsoft 365 group creation to administrators only ensures that creation of Microsoft 365 groups is controlled by the administrator. Appropriate groups should be created and managed by the administrator and group creation rights should not be delegated to any other user.

Impact:

Enabling this setting could create a number of request that would need to be managed by an administrator.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

From Azure Console

Go to Azure Active Directory

Go to Groups

Go to General in setting

Set Users can create Microsoft 365 groups in Azure Portals to No

Default Value:

By default, Users can create Microsoft 365 groups in Azure Portals is set to Yes.

See Also

https://workbench.cisecurity.org/files/3459

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-2, CSCv7|16

Plugin: microsoft_azure

Control ID: efacb41b3a9ddc3b8eb226a33f2559c9e84f6077be17625e3d8e9fd50c902f19