Description:

Restrict Microsoft 365 group creation to administrators only.


Rationale:

Restricting Microsoft 365 group creation to administrators only ensures that the creation of Microsoft 365 groups is controlled by the administrator. Appropriate groups should be created and managed by the administrator and group creation rights should not be delegated to any other user.


Impact:

Enabling this setting could create a number of requests that would need to be managed by an administrator.


Default Value:

By default, Users can create Microsoft 365 groups in Azure Portals is set to Yes.


Audit:

  1. Sign in to your Azure account.

  2. Go to Azure Active Directory

  3. Go to Groups

  4. Go to General in settings

  5. Ensure that Users can create Microsoft 365 groups in Azure Portals is set to No


Remediation:

Pre-requisites:

  1. Azure Account

  2. Azure tenant associated with the subscription

  3. User with appropriate privileges to change the setting (user admin/global admin)


Implementation Steps:

  1. Sign in to your Azure account.

  2. Go to Azure Active Directory

  3. Go to Groups

  4. Go to General in settings

  5. Set the Users can create Microsoft 365 groups in Azure Portal setting to No and click on Save.


Backout Plan:

  1. Sign in to your Azure account.

  2. Go to Azure Active Directory

  3. Go to Groups

  4. Go to General in setting

  5. Set the Users can create Microsoft 365 groups in Azure Portal setting to Yes (to revoke the changes to default).


References: