Best practices

Users can create security groups in Azure portals, API or PowerShell


'User settings' is default configurations of consent and permissions for all tenant users. It was detected that users can create security groups. When creating security groups permission is enabled, all users in the directory are allowed to create new security groups and add members to those groups. Unless a business requires this day-to-day delegation, security group creation should be restricted to administrators only.
  • Recommended Mitigation

    It is recommended to restrict security group creation to administrators only. For more information: <a href="" target="_blank" rel="noopener noreferrer"></a>