Ensure that 'Owners can manage group membership requests in My Groups' is set to 'No'
Why This Matters
Allowing group owners to manage membership requests in the Access Panel introduces a significant insider risk. Non-administrative users who own groups can approve or deny membership requests without centralized oversight, which can grant access to sensitive resources or lead to security group bloat. Restricting this capability to administrators ensures consistent enforcement of access policies and reduces the attack surface for privilege escalation.
What Aether365 Checks
This check verifies that the setting "Owners can manage group membership requests in My Groups" is configured to "No" in your Microsoft Entra ID tenant. It appears in your Aether365 dashboard under the Entra ID (entra-id) checks section.