Control: Azure > CIS v3.0 > 02 - Identity > 02.21 - Ensure that 'Users can create Microsoft 365 groups in Azure portals, API or PowerShell' is set to 'No'
Configures auditing against a CIS Benchmark item.
Level: 2
Restrict Microsoft 365 group creation to administrators only.
Restricting Microsoft 365 group creation to administrators only ensures that creation of Microsoft 365 groups is controlled by the administrator. Appropriate groups should be created and managed by the administrator and group creation rights should not be delegated to any other user.
Resource Types
This control targets the following resource types:
Policies
This control type relies on these other policies when running actions:
- Azure > CIS v3.0 > Maximum Attestation Duration
- Azure > CIS v3.0 > 02 - Identity > 02.21 - Ensure that 'Users can create Microsoft 365 groups in Azure portals, API or PowerShell' is set to 'No' > Attestation
- Azure > CIS v3.0
- Azure > CIS v3.0 > 02 - Identity > 02.21 - Ensure that 'Users can create Microsoft 365 groups in Azure portals, API or PowerShell' is set to 'No'
- Azure > CIS v3.0 > 02 - Identity
- Azure > CIS v3.0 > 02 - Identity > Maximum Attestation Duration
Category
In Your Workspace
Developers
- tmod:@turbot/azure-cisv3-0#/control/types/r0221
- tmod:@turbot/cis#/control/categories/v071406
- turbot graphql controls --filter "controlTypeId:tmod:@turbot/azure-cisv3-0#/control/types/r0221"
Get Controls
Control Type URI
Category URI
GraphQL
CLI