Control: 1.18 Ensure that 'Restrict user ability to access groups features in the Access Pane' is Set to 'Yes'
Description
Restricts group creation to administrators with permissions only.
Self-service group management enables users to create and manage security groups or Office 365 groups in Azure Active Directory (Azure AD). Unless a business requires this day-to-day delegation for some users, self-service group management should be disabled.
Remediation
From Azure Portal
- From Azure Home select the Portal Menu.
- Select
Azure Active Directory
. - Select
Groups
. - Select
General
underSettings
. - Ensure that
Restrict user ability to access groups features in the Access Panel
is set toYes
.
Default Value
By default, Restrict user ability to access groups features in the Access Pane
is set to No
.
Usage
Run the control in your terminal:
powerpipe control run azure_compliance.control.cis_v200_1_18
Snapshot and share results via Turbot Pipes:
powerpipe loginpowerpipe control run azure_compliance.control.cis_v200_1_18 --share
SQL
This control uses a named query:
ad_manual_control