InformationRestrict security group management to administrators only.
Restricting security group management to administrators only prohibits users from making changes to security groups. This ensures that security groups are appropriately managed and their management is not delegated to non-administrators.
Group Membership for user accounts will need to be handled by Admins and cause administrative overhead.
NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.
SolutionFrom Azure Portal
From Azure Home select the Portal Menu
Select Azure Active Directory
Select General in settings
Set Owners can manage group membership requests in the Access Panel to No
Please note that at this point of time, there is no Azure CLI or other API commands available to programmatically conduct security configuration for this recommendation.
By default, Owners can manage group membership requests in the Access Panel is set to No.