Stop Users Creating Azure AD Tenants
Stop standard users being able to create an Azure AD tenant by flicking this switch. Prevent data loss prevention and shadow IT.
A new setting (not sure how new..) has appeared under Users > User Settings that allows users to create Azure AD tenants. This seems to default to "Yes" which seems crazy, especially in a corporate environment.
This is course gives users Global Admin to that tenant allowing them to do anything they want.
Flick the switch to "No" to prevent users creating tenants.
I can see particular security challenges around DLP (data loss prevention) and if users create new tenants, then all that hard work putting security controls in place in the main tenant go out the window. Your SOC team will be blind.
Hope you enjoyed this quick Azure security tip. Please look out for more!