iCompaas Support

Description:

This setting controls whether group owners can approve or deny membership requests in the Access Panel (My Groups). When it is set to No, only administrators can manage membership requests. This prevents group owners from changing group memberships without admin oversight.

Rationale:

Setting this option to No ensures that only administrators can manage group membership requests. This prevents group owners from adding or removing members without proper oversight and reduces the risk of unauthorized access.

Impact:

This setting improves security by limiting membership management to administrators. Group owners cannot approve or change membership requests, which reduces the chance of unauthorized users being added to groups.

Default Value:

By default, Microsoft Entra ID allows group owners to manage membership requests. The setting is not restricted unless an administrator changes it to No.

Pre-requisites:

• You must sign in with a Global Administrator or Privileged Role Administrator account.

Test Plan:

1. Go to the Azure portal at https://portal.azure.com.

2. In the portal, search for  Microsoft Entra ID.

3. Under Manage, select Groups.

4. In the Settings section, click General.

5. In the Self Service Group Management area, locate the setting Owners can manage group membership requests in My Groups.

6. Verify that the value is set to No.

7. If the value is Yes, follow the implementation plan.

Implementation Plan:

1. Go to the Azure portal at https://portal.azure.com.

2. In the portal, search for  Microsoft Entra ID.

3. Under Manage, select Groups.

4. In the Settings section, click General.

5. In the Self Service Group Management area, locate the setting Owners can manage group membership requests in My Groups.

6. Change the toggle to No.

7. Click Save to apply the change.

Backout Plan:

1. Go to the Azure portal at https://portal.azure.com.

2. In the portal, search for   Microsoft Entra ID.

3. Under Manage, select Groups.

4. In the Settings section, click General.

5. In the Self Service Group Management area, locate the setting Owners can manage group membership requests in My Groups.

6. Change the setting back to Yes.

7. Click Save to apply the change.

Reference:

• https://learn.microsoft.com/en-us/entra/identity/users/groups-manage