InformationRestrict security group creation to administrators only.
When creating security groups is enabled, all users in the directory are allowed to create new security groups and add members to those groups. Unless a business requires this day-to-day delegation, security group creation should be restricted to administrators only.
Enabling this setting could create a number of requests that would need to be managed by an administrator.
NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.
SolutionFrom Azure Portal
From Azure Home select the Portal Menu
Select Azure Active Directory
Select General in setting
Set Users can create security groups in Azure portals, API or PowerShell to No
Please note that at this point of time, there is no Azure CLI or other API commands available to programmatically conduct security configuration for this recommendation.
By default, Users can create security groups in Azure portals, API or PowerShell is set to Yes