Description:
Restrict Microsoft 365 group creation to administrators only.
Rationale:
Restricting Microsoft 365 group creation to administrators only ensures that the creation of Microsoft 365 groups is controlled by the administrator. Appropriate groups should be created and managed by the administrator and group creation rights should not be delegated to any other user.
Impact:
Enabling this setting could create a number of requests that would need to be managed by an administrator.
Default Value:
By default, Users can create Microsoft 365 groups in Azure Portals is set to Yes.
Audit:
Sign in to your Azure account.
Go to Azure Active Directory
Go to Groups
Go to General in settings
Ensure that Users can create Microsoft 365 groups in Azure Portals is set to No
Remediation:
Pre-requisites:
Azure Account
Azure tenant associated with the subscription
User with appropriate privileges to change the setting (user admin/global admin)
Implementation Steps:
Sign in to your Azure account.
Go to Azure Active Directory
Go to Groups
Go to General in settings
Set the Users can create Microsoft 365 groups in Azure Portal setting to No and click on Save.
Backout Plan:
Sign in to your Azure account.
Go to Azure Active Directory
Go to Groups
Go to General in setting
Set the Users can create Microsoft 365 groups in Azure Portal setting to Yes (to revoke the changes to default).