Information
Restrict security group management to administrators only.
Rationale:
Restricting security group management to administrators only prohibits users from making changes to security groups. This ensures that security groups are appropriately managed and their management is not delegated to non-administrators.
NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.
Solution
From Azure Console
Go to Azure Active Directory
Go to Groups
Go to General in settings
Set Owners can manage group membership requests in the Access Panel' to No'
Default Value:
By default, Owners can manage group membership requests in the Access Panel is set to No.