🛡️ Microsoft Entra ID Restrict User Ability To Access Groups Features In The Access Pane is set to No🟢⚪

• Contextual name: 🛡️ Restrict User Ability To Access Groups Features In The Access Pane is set to No🟢⚪
• ID: /ce/ca/azure/microsoft-entra-id/restrict-user-ability-to-access-groups-features
• Tags:
  • ⚪ Impossible policy
  • 🟢 Policy with categories
  • 🟢 Policy with type
• Policy Type: COMPLIANCE_POLICY
• Policy Categories: SECURITY

Similar Policies

• Cloud Conformity: Restrict User Access to Microsoft Entra Group Features in Azure Access Panel

Description

Open File

Description

Restrict access to group web interface in the Access Panel portal.

Rationale

Self-service group management enables users to create and manage security groups or Office 365 groups in Microsoft Entra ID. Unless a business requires this day-to-day delegation for some users, self-service group management should be disabled. Any user can access the Access Panel, where they can reset their passwords, view their information, and more. By default, users are also allowed to access the Group feature, which shows groups, members, and related resources (SharePoint URL, group email address, Yammer URL, and Teams URL). By setting this feature to Yes, users will no longer have access to the web interface but will still have access to the data using the API. This is useful to prevent non-technical users from enumerating group-related information, while technical users can still access this information using APIs.

Impact

Setting to Yes could create administrative overhead by customers seeking certain group memberships that will have to be manually managed by administrators with appropriate permissions.

... see more

Remediation

Open File

Remediation

From Azure Portal

1. In the Azure portal, open the portal menu.
2. Select Microsoft Entra ID.
3. Under Manage, select Groups.
4. Under Settings, select General.
5. Under Self Service Group Management, set Restrict user ability to access groups features in My Groups to Yes.
6. Click Save.

policy.yaml

Open File

Linked Framework Sections

Section	Sub Sections	Internal Rules	Policies	Flags	Compliance
💼 CIS Azure v5.0.0 → 💼 5.18 Ensure that 'Restrict user ability to access groups features in My Groups' is set to 'Yes' (Manual)			1		no data
💼 Cloudaware Framework → 💼 General Access Controls			18		no data