Best practices

Users can create security groups in Azure portals, API or PowerShell

Description

'User settings' is default configurations of consent and permissions for all tenant users. It was detected that users can create security groups. When creating security groups permission is enabled, all users in the directory are allowed to create new security groups and add members to those groups. Unless a business requires this day-to-day delegation, security group creation should be restricted to administrators only.