Review tenant creation permission in Azure Active Directory B2C

It's a security risk if a non-admin user in a tenant is allowed to create a tenant. As a Global Administrator in an Azure AD B2C tenant, you can restrict non-admin users from creating tenants.

In this article, you learn how, as an admin, you can restrict tenant creation for non-admin users. You also learn how, as a non-admin user, you can check whether you have permission to create a tenant.

Prerequisites

  • If you haven't already created your own Azure AD B2C tenant, create one now. You can use an existing Azure AD B2C tenant.

Restrict non-admin users from creating Azure AD B2C tenants

  1. Sign in to the Azure portal as a Global Administrator.

  2. If you have access to multiple tenants, select the Settings icon in the top menu to switch to your Azure AD B2C tenant from the Directories + subscriptions menu.

  3. In the Azure portal, search for and select Microsoft Entra ID.

  4. Under Manage, select User Settings.

  5. Under Default user role permissions, for Restrict non-admin users from creating tenants, select Yes.

  6. At the top of the User Settings page, select Save.

Check tenant creation permission

Before you create an Azure AD B2C tenant, make sure that you have permission to do so. Use these steps to check that you have permission to create a tenant:

  1. Sign in to the Azure portal.

  2. If you have access to multiple tenants, select the Settings icon in the top menu to switch to your Azure AD B2C tenant from the Directories + subscriptions menu.

  3. In the Azure portal, search for and select Microsoft Entra ID.

  4. Under Manage, select User Settings.

  5. Under Default user role permissions, review your Restrict non-admin users from creating tenants setting. If the setting is set to No, then contact your administrator to assign you the Tenant Creator role. The setting is greyed out if you're not an administrator in the tenant.
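
The same setting can be audited outside the portal. The following is an added example, not part of the original article: it assumes the toggle is surfaced in Microsoft Graph as defaultUserRolePermissions.allowedToCreateTenants on the authorization policy (GET /policies/authorizationPolicy), with the sense inverted relative to the portal label. The sample response is constructed, and the function names are hypothetical.

```python
import json

# Constructed sample of a Microsoft Graph v1.0 response to
# GET /policies/authorizationPolicy (trimmed to the relevant fields).
SAMPLE_RESPONSE = json.dumps({
    "id": "authorizationPolicy",
    "defaultUserRolePermissions": {
        "allowedToCreateApps": True,
        "allowedToCreateSecurityGroups": True,
        "allowedToCreateTenants": True,
        "allowedToReadOtherUsers": True,
    },
})


def extract_policy(body):
    """Return the policy object; accept a bare object or a {"value": [...]} wrapper."""
    doc = json.loads(body)
    if isinstance(doc.get("value"), list):
        if not doc["value"]:
            raise ValueError("response contains no authorization policy")
        return doc["value"][0]
    return doc


def audit_tenant_creation(body):
    """Map allowedToCreateTenants onto the portal toggle and propose a fix."""
    perms = extract_policy(body).get("defaultUserRolePermissions") or {}
    allowed = perms.get("allowedToCreateTenants")
    if allowed is None:
        # Assumption: a missing property is reported as unknown, not as compliant.
        return {"portal_setting": "unknown", "compliant": False, "patch_body": None}
    if allowed:
        # Portal toggle reads "No": non-admin users can create tenants.
        fix = {"defaultUserRolePermissions": {"allowedToCreateTenants": False}}
        return {"portal_setting": "No", "compliant": False, "patch_body": fix}
    # Portal toggle reads "Yes": tenant creation is restricted for non-admins.
    return {"portal_setting": "Yes", "compliant": True, "patch_body": None}


if __name__ == "__main__":
    print(json.dumps(audit_tenant_creation(SAMPLE_RESPONSE), indent=2))
```

The returned patch_body is the JSON an administrator would send in a PATCH to the same policy endpoint to apply the restriction described in the steps above.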