Skip to main content

Remediation

From Azure Portal

  1. In the Azure portal, open the portal menu.
  2. Select Microsoft Entra ID.
  3. Under Manage, select Users.
  4. Under Manage, select User settings.
  5. Set Restrict non-admin users from creating tenants to Yes.
  6. Click Save.

From PowerShell

Import-Module Microsoft.Graph.Identity.SignIns
Connect-MgGraph -Scopes 'Policy.ReadWrite.Authorization'
Select-MgProfile -Name beta
$params = @{ DefaultUserRolePermissions = @{ AllowedToCreateTenants = $false } }
Update-MgPolicyAuthorizationPolicy -AuthorizationPolicyId -BodyParameter $params