I need to restrict the users from adding to the groups manually in Azure, any help on this issue?
CodePudding user response:
Thanks @Rahul Shukla for your suggestion .
- Restrict Users from adding to groups
Give the user with reader or contributor permission to the user . if you add that user the reader permission they will then be able to read any resource in the subscription, but not modify anything.
For more details refer this document: https://docs.microsoft.com/en-us/azure/role-based-access-control/role-assignments-portal?tabs=current
2)Prevent admin to add the users to group
Create review process in places where if any user gets added in the group admin will get notification for the same and based on admin approval only it will gets added.
Azure Active Directory (Azure AD) access reviews enable organizations to efficiently manage group memberships, access to enterprise applications, and role assignments. User's access can be reviewed on a regular basis to make sure only the right people have continued access
For more details refer this document: https://docs.microsoft.com/en-us/azure/active-directory/governance/access-reviews-overview