Users can create AzureAD tenants

Hello there,

In this blog post we look at a new setting within the Azure AD portal. “Users can create Azure AD tenants“. Unfortunately, the setting is enabled by default. Not sure why, but I guess most organizations will want to turn this off. You can find the setting within the Azure AD portal, Settings / Users / User settings / Tenant creation.

‘Yes’ allows default users to create Azure AD tenants. ‘No’ allows only users with the global administrator or tenant creator roles to create Azure AD tenants. Anyone who creates a tenant will become the global administrator for that tenant.

Let’s look at what a standard user can do when the setting is enabled and when they have access to the Azure AD portal. Because there’s another setting that allows you to Restrict access to the Azure AD administration portal.

Select Manage tenants

Then select Create

Select a tenant type

And finally enter the name of the tenant

…. And after a few minutes Sam has its own tenant.

We also get an audit log for this activity with the activity type ‘Create Company

And at least we also get the Tenant ID that was created.

If you haven’t disabled the setting yet, here’s q KQL query to find out whether someone in your organization already created a tenant.

And here’s another query to find out who enabled the feature again, after you had disabled it.

If you use Microsoft Sentinel, you can create Analytic rules for both activities.

Below are the KQL queries.

Leave a Reply