Control: Azure > CIS v4.0 > 06 - Identity Services > 06.18 - Ensure that 'Restrict user ability to access groups features in My Groups' is set to 'Yes'
Configures auditing against a CIS Benchmark item.
Level: 2
Restrict access to group web interface in the Access Panel portal.
Self-service group management enables users to create and manage security groups or Office 365 groups in Microsoft Entra ID. Unless a business requires this day-to-day delegation for some users, self-service group management should be disabled. Any user can access the Access Panel, where they can reset their passwords, view their information, etc. By default, users are also allowed to access the Group feature, which shows groups, members, related resources (SharePoint URL, Group email address, Yammer URL, and Teams URL). By setting this feature to 'Yes', users will no longer have access to the web interface, but still have access to the data using the API. This is useful to prevent non-technical users from enumerating groups-related information, but technical users will still be able to access this information using APIs.
Resource Types
This control targets the following resource types:
Policies
This control type relies on these other policies when running actions:
- Azure > CIS v4.0 > 06 - Identity Services > 06.18 - Ensure 'Restrict user ability to access groups features' is set to 'Yes'
- Azure > CIS v4.0 > 06 - Identity Services > 06.18 - Ensure 'Restrict user ability to access groups features' is set to 'Yes' > Attestation
- Azure > CIS v4.0 > Maximum Attestation Duration
- Azure > CIS v4.0
- Azure > CIS v4.0 > 06 - Identity Services
- Azure > CIS v4.0 > 06 - Identity Services > Maximum Attestation Duration
Category
In Your Workspace
Developers
- tmod:@turbot/azure-cisv4-0#/control/types/r0618
- tmod:@turbot/cis#/control/categories/v071406
- turbot graphql controls --filter "controlTypeId:tmod:@turbot/azure-cisv4-0#/control/types/r0618"
Get Controls