Securing Azure — Disabling New Group Creation

Jun 26, 2023

--

Issue

Users in the Azure Active Directory tenant can create new Microsoft 365 groups and Security groups.

Recommended Remediation

The following outlines the recommended steps that the Azure administrator should take in order to secure the environment.

After logging into the Azure tenant as a privileged user (i.e., Global Administrator), access the Azure Active Directory option.

Azure Active Directory option

Select the Groups blade under Manage.

Groups option in Azure AD

Select General under Settings.

General settings option

In the General menu, set Self Service Group Management options to No. Set Security Groups and Microsoft 365 Groups to No. Click Save.

Setting group management options to No

Sign up to discover human stories that deepen your understanding of the world.

Free

Distraction-free reading. No ads.

Organize your knowledge with lists and highlights.

Tell your story. Find your audience.

Membership

Read member-only stories

Support writers you read most

Earn money for your writing

Listen to audio narrations

Read offline with the Medium app

Azure Active Directory

Written by Joe Helle

Father | Husband | Army Veteran | Former Mayor | Chief Operating Officer | Red Team Lead | CISM | PNPT | OSCP | Retired Moonshiner | Twitter @joehelle

No responses yet

Write a response

What are your thoughts?

Also publish to my profile

Help
Status
About
Careers
Press
Blog
Privacy
Terms
Text to speech
Teams