Issue
Users in the Azure Active Directory tenant can create new Microsoft 365 groups and Security groups.
Recommended Remediation
The following outlines the recommended steps that the Azure administrator should take in order to secure the environment.
After logging into the Azure tenant as a privileged user (i.e., Global Administrator), access the Azure Active Directory option.
Select the Groups blade under Manage.
Select General under Settings.
In the General menu, set Self Service Group Management options to No. Set Security Groups and Microsoft 365 Groups to No. Click Save.
