Ensure that 'Users can create Microsoft 365 groups in Azure portals, API or PowerShell' is set to 'No'

Why This Matters

When all users can create Microsoft 365 groups, there is no oversight on group creation or membership. This can lead to sprawl of unmanaged groups, potential data exposure, and confusion over which groups are official. Restricting creation to administrators ensures that only approved, necessary groups are created and properly governed.

What Aether365 Checks

Aether365 verifies that the setting "Users can create Microsoft 365 groups in Azure portals, API or PowerShell" is set to "No" in the Microsoft Entra ID tenant settings. This check appears in the Aether365 dashboard under the entra-id checks section.

Microsoft references

Methods for assigning users and groups
Manage creation of groups
Security controls v2 governance strategy
Security controls v2 governance strategy
Security controls v2 privileged access
Security controls v2 privileged access
Security controls v2 privileged access

Ensure that 'Users can create Microsoft 365 groups in Azure portals, API or PowerShell' is set to 'No' ​

Why This Matters ​

What Aether365 Checks ​

Microsoft references ​

Ensure that 'Users can create Microsoft 365 groups in Azure portals, API or PowerShell' is set to 'No'

Why This Matters

What Aether365 Checks

Microsoft references