Risk Level: Low
Cloud Entity: AD Authorization Policy
CloudGuard Rule ID: D9.AZU.IAM.43
Covered by Spectral: No
Category: Active Directory
ADAuthorizationPolicy should not have defaultUserRolePermissions.allowedToCreateSecurityGroups=true
- Go to Azure Active Directory.
- Go to Groups.
- Go to 'General' in Settings.
- Set 'Users can create security groups in Azure portals, API or PowerShell' to No.
- Click Save.
Note: Please note that at this point of time, there is no Azure CLI or other API commands available to programmatically conduct security configuration for this recommendation.
Represents a policy that can control Azure Active Directory authorization settings.
- Azure CIS Foundations v. 1.2.0
- Azure CIS Foundations v. 1.3.0
- Azure CIS Foundations v. 1.3.1
- Azure CIS Foundations v. 1.4.0
- Azure CIS Foundations v. 1.5.0
- Azure CIS Foundations v.2.0
- Azure CloudGuard Best Practices
- Azure NIST 800-53 Rev 5
- CloudGuard Azure All Rules Ruleset
Updated 3 months ago