In this blog post we look at a new setting within the Azure AD portal: “Users can create Azure AD tenants”. Unfortunately, the setting is enabled by default. Not sure why, but I guess most organizations will want to turn this off. You can find the setting within the Azure AD portal, Settings / Users / User settings / Tenant creation.
‘Yes’ allows default users to create Azure AD tenants. ‘No’ allows only users with the global administrator or tenant creator roles to create Azure AD tenants. Anyone who creates a tenant will become the global administrator for that tenant.
Let’s look at what a standard user can do when the setting is enabled and when they have access to the Azure AD portal. The second condition matters because there’s another setting that allows you to restrict access to the Azure AD administration portal.
Select Manage tenants
Then select Create
Select a tenant type
And finally enter the name of the tenant
… and after a few minutes Sam has their own tenant.
We also get an audit log for this activity with the activity type ‘Create Company’.
And at least we also get the Tenant ID that was created.
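One way to triage the ‘Create Company’ audit events described above, as an added example that is not part of the original post: it filters exported audit records for successful tenant creations by accounts outside an approved list. The record layout follows Microsoft Graph directoryAudit objects; the sample records, the allowlist, and the placement of the new tenant ID in targetResources[].id are assumptions constructed for illustration.

```python
import json

# Constructed sample records in the shape of Microsoft Graph directoryAudit
# objects. All values are made up; placing the new tenant ID in
# targetResources[].id is an assumption of this example.
SAMPLE_AUDIT = json.loads("""
[
  {"activityDisplayName": "Create Company", "activityDateTime": "2022-11-20T09:14:03Z",
   "result": "success", "initiatedBy": {"user": {"userPrincipalName": "sam@contoso.example"}},
   "targetResources": [{"id": "11111111-2222-3333-4444-555555555555"}]},
  {"activityDisplayName": "Update user", "activityDateTime": "2022-11-20T09:20:00Z",
   "result": "success", "initiatedBy": {"user": {"userPrincipalName": "admin@contoso.example"}},
   "targetResources": [{"id": "aaaaaaaa-0000-0000-0000-000000000001"}]},
  {"activityDisplayName": "Create Company", "activityDateTime": "2022-11-21T13:02:45Z",
   "result": "success", "initiatedBy": {"user": {"userPrincipalName": "admin@contoso.example"}},
   "targetResources": [{"id": "66666666-7777-8888-9999-000000000000"}]},
  {"activityDisplayName": "Create Company", "activityDateTime": "2022-11-22T08:00:00Z",
   "result": "failure", "initiatedBy": {"user": {"userPrincipalName": "kim@contoso.example"}},
   "targetResources": []}
]
""")

# Hypothetical allowlist: accounts holding Global Administrator or Tenant Creator.
APPROVED_CREATORS = {"admin@contoso.example"}


def find_unapproved_tenant_creations(records, approved=APPROVED_CREATORS):
    """Return successful 'Create Company' events whose initiator is not approved."""
    approved = {a.lower() for a in approved}
    findings = []
    for rec in records:
        # Match the activity name case-insensitively; skip everything else.
        if (rec.get("activityDisplayName") or "").strip().lower() != "create company":
            continue
        # Failed attempts did not produce a tenant.
        if (rec.get("result") or "").lower() != "success":
            continue
        # initiatedBy may lack a user (e.g. app-initiated); keep the event visible.
        user = (rec.get("initiatedBy") or {}).get("user") or {}
        upn = (user.get("userPrincipalName") or "<unknown>").lower()
        if upn in approved:
            continue
        targets = rec.get("targetResources") or []
        findings.append({
            "when": rec.get("activityDateTime"),
            "initiator": upn,
            "tenant_ids": [t.get("id") for t in targets if t.get("id")],
        })
    return findings
```

On the constructed sample this returns a single finding for sam@contoso.example with the tenant ID from that record.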
If you haven’t