Other Articles

Microsoft Entra – Restrict Tenant Creation

Secure Configuration Checks > Microsoft Entra

This check ensures that only authorized users can create new tenants in Microsoft Entra. Restricting tenant creation helps prevent shadow IT, unauthorized environments, and potential governance and security risks.

Check Details

  • Resource: Microsoft Entra ID
  • Check: Restrict tenant creation
  • Risk: Unrestricted tenant creation can lead to unmanaged environments, data sprawl, and security gaps

Remediation via Microsoft Entra Admin Center

  1. Log in to the Microsoft Entra Admin Center.

    Microsoft Entra Home
  2. Navigate to Users from the left-hand menu. Groups Menu
  3. Navigate to User settings. User Settings
  4. Locate the setting “Restrict non-admin users from creating tenants”.
  5. Set this option to Yes to restrict tenant creation. Restrict Tenant Creation Setting
  6. Click Save to apply the changes.

Default Value

By default, users may have the ability to create new tenants, depending on organizational settings. This can lead to uncontrolled tenant sprawl if not restricted.

Updated on 20 April, 2026