1.20 Ensure that 'Owners can manage group membership requests in the Access Panel' is set to 'No'

Information

Restrict security group management to administrators only.

Rationale:

Restricting security group management to administrators only prohibits users from making changes to security groups. This ensures that security groups are appropriately managed and their management is not delegated to non-administrators.

Impact:

Group Membership for user accounts will need to be handled by Admins and cause administrative overhead.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

From Azure Portal

From Azure Home select the Portal Menu

Select Azure Active Directory

Then Groups

Select General in settings

Set Owners can manage group membership requests in the Access Panel to No

Default Value:

By default, Owners can manage group membership requests in the Access Panel is set to No.

See Also

https://workbench.cisecurity.org/benchmarks/10624

Item Details

Category: ACCESS CONTROL, AUDIT AND ACCOUNTABILITY

References: 800-53|AC-2, 800-53|AC-3, 800-53|AC-6, 800-53|AC-6(1), 800-53|AC-6(7), 800-53|AU-9(4), CSCv7|14.6

Plugin: microsoft_azure

Control ID: 6be8e67e22d8e474334460f83a9139058f1818569c20a6c1b22cc196c4af0071