Cloud Conformity allows you to automate the auditing process of this resolution page. Register for a 14 day evaluation and check your compliance level for free!
Start a Free Trial Product featuresEnsure that "Users can create Office 365 groups in Azure portals" is set to "No" within your Azure Active Directory settings in order to make sure that non-privileged users are not able to create Office 365 groups using the Access Panel and the Azure administration portal.
This rule resolution is part of the Cloud Conformity Security & Compliance tool for Azure
Security
Depending on your business needs, you might want to control who has the ability to create Office 365 groups. When "Users can create Office 365 groups in Azure portals" feature is enabled, all users in your Active Directory account are allowed to create new Office 365 groups and add members to those groups. Unless your business logic requires delegation to create groups, Office 365 group creation should be restricted to Active Directory administrators only.
To determine if non-privileged users have the ability to create Microsoft Office 365 groups within Azure portals, perform the following actions:
Note: Retrieving the feature configuration status using Microsoft Graph API or Azure CLI is not currently supported.By setting "Users can create Office 365 groups in Azure portals" to "No", only Azure Active Directory (AD) administrators can create Office 365 groups. To disable the feature, perform the following actions:
Note: Restricting Office 365 group creation to Active Directory administrators only using Microsoft Graph API or Azure CLI is not currently supported.Unlock the Remediation Steps
Gain free unlimited access to our full Knowledge Base
Over 600 rules & best practices for 
and 
Get started for FREE
Thank you!
Please click the link in the confirmation email sent to
You are auditing:
Restrict Office 365 Group Creation to Administrators Only
Risk level: High
|