Security Group Creation Check [CHK-1056]
This check verifies whether regular users can create security groups in Entra ID.
Rationale
Security groups in the Microsoft cloud are groups of users, created within Azure AD. They can be used to grant specific rights or access to certain resources. If a regular user can create a new security group, it poses a risk of malicious applications gaining access to your tenant.
Fix
An automated fix is available through Attic.
Manual steps:
- Navigate to the Entra ID portal.
- Select "Groups".
- Select "Group settings".
- Set "Users can create security groups in Azure portals, API or PowerShell" to "No".
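The same setting can be audited and changed from PowerShell. The script below is an added example, not Attic's automated fix or code from this page: it assumes the Microsoft Graph PowerShell SDK is installed, reads the `allowedToCreateSecurityGroups` value of the tenant authorization policy's default user role permissions, and uses a `-Remediate` switch whose name is made up for this example.

```powershell
# Added example: audit (and optionally fix) whether regular users can create
# security groups. Assumes the Microsoft.Graph.Identity.SignIns module is installed.
param(
    [switch]$Remediate   # hypothetical switch for this example: also apply the fix
)

Import-Module Microsoft.Graph.Identity.SignIns

# Ask for a read-only scope when auditing; request write access only to remediate.
$scopes = if ($Remediate) { 'Policy.ReadWrite.Authorization' } else { 'Policy.Read.All' }
Connect-MgGraph -Scopes $scopes

# The tenant has a single authorization policy that holds default user permissions.
$policy  = Get-MgPolicyAuthorizationPolicy
$allowed = $policy.DefaultUserRolePermissions.AllowedToCreateSecurityGroups

if ($null -eq $allowed) {
    # Do not report a pass when the value could not be read.
    Write-Warning 'UNKNOWN: AllowedToCreateSecurityGroups was not returned; check module version and consent.'
    return
}

if ($allowed -eq $false) {
    Write-Output 'PASS: regular users cannot create security groups.'
    return
}

Write-Warning 'FAIL: regular users can create security groups.'

if ($Remediate) {
    # Patch only this one permission; other default user permissions are left untouched.
    $body = @{
        defaultUserRolePermissions = @{
            allowedToCreateSecurityGroups = $false
        }
    }
    Update-MgPolicyAuthorizationPolicy -BodyParameter $body

    # Re-read the policy to confirm the change was applied.
    $after = (Get-MgPolicyAuthorizationPolicy).DefaultUserRolePermissions.AllowedToCreateSecurityGroups
    if ($after -eq $false) {
        Write-Output 'FIXED: security group creation is now limited to administrators.'
    } else {
        Write-Error 'Remediation did not take effect; verify the signed-in account can update the authorization policy.'
    }
}
```

Run it without `-Remediate` to get a read-only result for reporting.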
Impact
This fix ensures that only administrators can create security groups, reducing the risk of unauthorized access.