Policy: Azure > CIS v2.0 > 01 - Identity and Access Management > 1.20 Ensure that 'Owners can manage group membership requests in the Access Panel' is set to 'No'

Configures auditing against a CIS Benchmark item.

Level: 2

Restrict security group management to administrators only.

Restricting security group management to administrators only prohibits users from making changes to security groups. This ensures that security groups are appropriately managed and their management is not delegated to non-administrators.

Resource Types

This policy targets the following resource types:

Azure > Active Directory > Directory

Primary Policy

This policy is used with the following primary policy:

Azure > CIS v2.0 > 01 - Identity and Access Management

Azure > CIS v2.0 > 01 - Identity and Access Management > 1.20 Ensure that 'Owners can manage group membership requests in the Access Panel' is set to 'No' > Attestation

Controls

Policy Specification

Schema Type	`string`
Default	`Per Azure > CIS v2.0 > 01 - Identity and Access Management`
Valid Values [YAML]	`Per Azure > CIS v2.0 > 01 - Identity and Access Management` `Skip` `Check: Benchmark using attestation`

In Your Workspace

Policy Settings by Type report

Developers

Category URI

tmod:@turbot/cis#/control/categories/v071406

Policy Type URI

tmod:@turbot/azure-cisv2-0#/policy/types/r0120

GraphQL

query policyType(id: "tmod:@turbot/azure-cisv2-0#/policy/types/r0120") { … }

query policySettings(filter: "policyTypeId:'tmod:@turbot/azure-cisv2-0#/policy/types/r0120'") { … }

query policyValues(filter: "policyTypeId:'tmod:@turbot/azure-cisv2-0#/policy/types/r0120'") { … }

CLI

Get Policy Type

turbot graphql policy-type --id "tmod:@turbot/azure-cisv2-0#/policy/types/r0120"

Get Policy Settings

turbot graphql policy-settings --filter "policyTypeId:tmod:@turbot/azure-cisv2-0#/policy/types/r0120"