Ensure that "Enable an 'All Users' group in the directory" policy is set to "Yes" in your Azure Active Directory (AD) settings in order to enable the "All Users" group for centralized access administration. This group represents the entire collection of the Active Directory users, including guests and external users, that you can use to make the access permissions easier to manage within your directory.
This rule resolution is part of the Cloud Conformity Security & Compliance tool for Azure
The "All Users" group can be used to assign the same permissions to all the users within an Azure Active Directory account. For example, all users in a directory can be given access to a SaaS application by assigning a specific set of permissions that allows application access to the "All Users" dedicated group. This ensures that there is a common policy created for all the existing and future users and there is no need to implement individual access permissions.
Audit
To determine if "All Users" group is enabled for centralized administration in your Azure AD directory, perform the following actions:
Note: Getting "Enable an All Users group in the directory" feature configuration status using Microsoft Graph API or Azure CLI is not currently supported.Remediation / Resolution
By setting "Enable an All Users group in the directory" to "Yes", a single group can be used to assign the same permissions to all the available AD users, which can be really helpful for implementing centralized access management inside your Active Directory account. To enable the feature, perform the following actions:
Note: Activating "Enable an All Users group in the directory" feature using Microsoft Graph API or Azure CLI is not currently supported.References
- Azure Official Documentation
- Create a basic group and add members using Azure Active Directory
- CIS Microsoft Azure Foundations
Unlock the Remediation Steps
Gain free unlimited access
to our full Knowledge Base
Over 750 rules & best practices
for and
Get started for FREE
You are auditing:
Enable All Users Group
Risk level: Medium