Ensure that 'Restrict non-admin users from creating tenants' is set to 'Yes'
Why This Matters
Allowing any user to create new tenants increases the risk of unmanaged or unauthorized Microsoft Entra ID environments. These rogue tenants can bypass security controls, lead to data sprawl, and make it harder for administrators to maintain consistent governance across your organization. Restricting tenant creation to administrators ensures that only authorized personnel can spin up new directories, preserving centralized oversight.
What Aether365 Checks
This check verifies that the "Restrict non-admin users from creating tenants" setting in Microsoft Entra ID is configured to "Yes". It appears in the Aether365 dashboard under the entra-id security check category.
How to Fix
Restrict tenant creation to administrators by following these steps: