🛡️ Microsoft Entra ID Users Can Create Microsoft 365 Groups In Azure Portals, API Or PowerShell is set to Yes🟢⚪

• Contextual name: 🛡️ Users Can Create Microsoft 365 Groups In Azure Portals, API Or PowerShell is set to Yes🟢⚪
• ID: /ce/ca/azure/microsoft-entra-id/disable-users-can-create-microsoft-365-groups
• Tags:
  • ⚪ Impossible policy
  • 🟢 Policy with categories
  • 🟢 Policy with type
• Policy Type: COMPLIANCE_POLICY
• Policy Categories: SECURITY

Similar Policies

• Cloud Conformity: Users Can Create Office 365 Groups

Description

Open File

Description

Restrict Microsoft 365 group creation to administrators only.

Rationale

Restricting Microsoft 365 group creation to administrators only ensures that creation of Microsoft 365 groups is controlled by the administrator. Appropriate groups should be created and managed by the administrator and group creation rights should not be delegated to any other user.

Impact

Enabling this setting could create a number of requests that would need to be managed by an administrator.

Audit

From Azure Portal

1. From Azure Home select the Portal Menu.
2. Select Microsoft Entra ID.
3. Under Manage, select Groups.
4. Under Settings, select General.
5. Under Microsoft 365 Groups, ensure that Users can create Microsoft 365 groups in Azure portals, API or PowerShell is set to No.

Default Value

By default, Users can create Microsoft 365 groups in Azure portals, API or PowerShell is set to Yes.

References

1. https://learn.microsoft.com/en-us/microsoft-365/solutions/manage-creation-of-groups?view=o365-worldwide&redirectSourcePath=%252fen-us%252farticle%252fControl-who-can-create-Office-365-Groups-4c46c8cb-17d0-44b5-9776-005fced8e618

... see more

Remediation

Open File

Remediation

From Azure Portal

1. From Azure Home select the Portal Menu.
2. Select Microsoft Entra ID.
3. Under Manage, select Groups.
4. Under Settings, select General.
5. Under Microsoft 365 Groups, set Users can create Microsoft 365 groups in Azure portals, API or PowerShell to No.
6. Click Save.

policy.yaml

Open File

Linked Framework Sections

Section	Sub Sections	Internal Rules	Policies	Flags	Compliance
💼 CIS Azure v2.1.0 → 💼 1.20 Ensure that 'Users can create Microsoft 365 groups in Azure portals, API or PowerShell' is set to 'No' - Level 2 (Manual)			1		no data
💼 CIS Azure v3.0.0 → 💼 2.21 Ensure that 'Users can create Microsoft 365 groups in Azure portals, API or PowerShell' is set to 'No' (Manual)			1		no data
💼 CIS Azure v4.0.0 → 💼 6.21 Ensure that 'Users can create Microsoft 365 groups in Azure portals, API or PowerShell' is set to 'No' (Manual)			1		no data
💼 Cloudaware Framework → 💼 User Account Management			19		no data