Users can create Azure AD tenant

Question

It looks like by default the tenant. creation is "Yes" from AAD -> User settings

Where it says all users can create the tenant. Should not it be the default "No" ?

Is it a new feature introduced in Azure? and from when? And why its default "Yes"

Screenshot

Answer 1

By default , users are given some set of permissions. But it all depends on whether the user is the member or a guest user or restricted guest user .

When a new tenant is created , the one who creates that tenant will be the only user and has global admin rights and can have access to creating tenant.

• Guest user and restricted guest users doesn’t have directory permissions . So if you need to change member access from user settings according to requirement, you can change that to no.

See Default user permissions - Azure Active Directory - Microsoft Entra | Microsoft Learn

• Earlier tenant creation option itself was not present for user , but restriction to administration portal is by default set to NO and has to be set yes explicitly anyway to restrict users to admin portal. Check this Restrict access to Azure AD administration portal - ALI TAJRAN
• In the same way tenant creation must be set to no by newly created tenant admin.

When I created new user and loggen in , its default settings are according to what admin set with his admin privilige.

So When I set them using admin user account details

And then created user ,cannot access portal itself , as access to admin portal is restricted.

Or you can make only tenant creation restriction accordingly.