[GH-ISSUE #2916] Disable site creation by standard users - Does not correctly prevent site creation #1444

New issue

Closed

opened 2026-03-02 13:44:14 +03:00 by kerem · 4 comments

kerem commented 2026-03-02 13:44:14 +03:00

Owner

Copy link

Originally created by @BPT-CIPP on GitHub (Oct 3, 2024).
Original GitHub issue: https://github.com/KelvinTegelaar/CIPP/issues/2916

Description

Appologies in advance as i am not truly a dev and may not follow usual GitHub etiquette.

The standard currently only changes the "isSiteCreationEnabled" flag, but does not change the "isSiteCreationUIEnabled" flag.
the isSiteCreationUIEnabled flag appears to control if the site creation is allowed through the UI (web).

I am assuming the "isSiteCreationEnabled" flag changes behavior through api/powershell.

I have updated the powershell and tested on my installation and the changes below appear to work

"isSiteCreationUIEnabled": true

"isSiteCreationUIEnabled": false

Invoke-CIPPStandardDisableUserSiteCreate.ps1
updated code:

function Invoke-CIPPStandardDisableUserSiteCreate {
    <#
    .FUNCTIONALITY
        Internal
    .COMPONENT
        (APIName) DisableUserSiteCreate
    .SYNOPSIS
        (Label) Disable site creation by standard users
    .DESCRIPTION
        (Helptext) Disables users from creating new SharePoint sites
        (DocsDescription) Disables standard users from creating SharePoint sites, also disables the ability to fully create teams
    .NOTES
        CAT
            SharePoint Standards
        TAG
            "highimpact"
        ADDEDCOMPONENT
        IMPACT
            High Impact
        POWERSHELLEQUIVALENT
            Update-MgAdminSharepointSetting
        RECOMMENDEDBY
        UPDATECOMMENTBLOCK
            Run the Tools\Update-StandardsComments.ps1 script to update this comment block
    .LINK
        https://docs.cipp.app/user-documentation/tenant/standards/edit-standards
    #>

    param($Tenant, $Settings)
    ##$Rerun -Type Standard -Tenant $Tenant -Settings $Settings 'DisableUserSiteCreate'

    $CurrentInfo = New-GraphGetRequest -Uri 'https://graph.microsoft.com/beta/admin/sharepoint/settings' -tenantid $Tenant -AsApp $true

    If ($Settings.remediate -eq $true) {

        if ($CurrentInfo.isSiteCreationEnabled -or $CurrentInfo.isSiteCreationUIEnabled) {
            try {
                $body = '{"isSiteCreationEnabled": false, "isSiteCreationUIEnabled": false}'
                $null = New-GraphPostRequest -tenantid $tenant -Uri 'https://graph.microsoft.com/beta/admin/sharepoint/settings' -AsApp $true -Type patch -Body $body -ContentType 'application/json'
                Write-LogMessage -API 'Standards' -tenant $tenant -message 'Disabled standard users from creating sites and adjusted UI setting' -sev Info
            } catch {
                $ErrorMessage = Get-NormalizedError -Message $_.Exception.Message
                Write-LogMessage -API 'Standards' -tenant $tenant -message "Failed to disable standard users from creating sites: $ErrorMessage" -sev Error
            }
        } else {
            Write-LogMessage -API 'Standards' -tenant $tenant -message 'Standard users are already disabled from creating sites and UI setting is adjusted' -sev Info
        }

    }

    if ($Settings.alert -eq $true) {

        if ($CurrentInfo.isSiteCreationEnabled -eq $false -and $CurrentInfo.isSiteCreationUIEnabled -eq $false) {
            Write-LogMessage -API 'Standards' -tenant $tenant -message 'Standard users are not allowed to create sites and UI setting is disabled' -sev Info
        } else {
            Write-LogMessage -API 'Standards' -tenant $tenant -message 'Standard users are allowed to create sites or UI setting is enabled' -sev Alert
        }
    }

    if ($Settings.report -eq $true) {
        Add-CIPPBPAField -FieldName 'DisableUserSiteCreate' -FieldValue $CurrentInfo.isSiteCreationEnabled -StoreAs bool -Tenant $tenant
        Add-CIPPBPAField -FieldName 'DisableUserSiteCreateUI' -FieldValue $CurrentInfo.isSiteCreationUIEnabled -StoreAs bool -Tenant $tenant
    }
}

Environment data

Non-sponsored
Front End Version Number:
Back End Version Number:

Tried Tenant Cache Clear: true
Tried Token Cache Clear: true

Also tested solution and verified functionality.

Originally created by @BPT-CIPP on GitHub (Oct 3, 2024). Original GitHub issue: https://github.com/KelvinTegelaar/CIPP/issues/2916 ### Description Appologies in advance as i am not truly a dev and may not follow usual GitHub etiquette. The standard currently only changes the "isSiteCreationEnabled" flag, but does not change the "isSiteCreationUIEnabled" flag. the isSiteCreationUIEnabled flag appears to control if the site creation is allowed through the UI (web). I am assuming the "isSiteCreationEnabled" flag changes behavior through api/powershell. I have updated the powershell and tested on my installation and the changes below appear to work "isSiteCreationUIEnabled": true  "isSiteCreationUIEnabled": false  [Invoke-CIPPStandardDisableUserSiteCreate.ps1](https://github.com/BPT-CIPP/CIPP-API/blob/master/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableUserSiteCreate.ps1) updated code: ``` function Invoke-CIPPStandardDisableUserSiteCreate { <# .FUNCTIONALITY Internal .COMPONENT (APIName) DisableUserSiteCreate .SYNOPSIS (Label) Disable site creation by standard users .DESCRIPTION (Helptext) Disables users from creating new SharePoint sites (DocsDescription) Disables standard users from creating SharePoint sites, also disables the ability to fully create teams .NOTES CAT SharePoint Standards TAG "highimpact" ADDEDCOMPONENT IMPACT High Impact POWERSHELLEQUIVALENT Update-MgAdminSharepointSetting RECOMMENDEDBY UPDATECOMMENTBLOCK Run the Tools\Update-StandardsComments.ps1 script to update this comment block .LINK https://docs.cipp.app/user-documentation/tenant/standards/edit-standards #> param($Tenant, $Settings) ##$Rerun -Type Standard -Tenant $Tenant -Settings $Settings 'DisableUserSiteCreate' $CurrentInfo = New-GraphGetRequest -Uri 'https://graph.microsoft.com/beta/admin/sharepoint/settings' -tenantid $Tenant -AsApp $true If ($Settings.remediate -eq $true) { if ($CurrentInfo.isSiteCreationEnabled -or $CurrentInfo.isSiteCreationUIEnabled) { try { $body = '{"isSiteCreationEnabled": false, "isSiteCreationUIEnabled": false}' $null = New-GraphPostRequest -tenantid $tenant -Uri 'https://graph.microsoft.com/beta/admin/sharepoint/settings' -AsApp $true -Type patch -Body $body -ContentType 'application/json' Write-LogMessage -API 'Standards' -tenant $tenant -message 'Disabled standard users from creating sites and adjusted UI setting' -sev Info } catch { $ErrorMessage = Get-NormalizedError -Message $_.Exception.Message Write-LogMessage -API 'Standards' -tenant $tenant -message "Failed to disable standard users from creating sites: $ErrorMessage" -sev Error } } else { Write-LogMessage -API 'Standards' -tenant $tenant -message 'Standard users are already disabled from creating sites and UI setting is adjusted' -sev Info } } if ($Settings.alert -eq $true) { if ($CurrentInfo.isSiteCreationEnabled -eq $false -and $CurrentInfo.isSiteCreationUIEnabled -eq $false) { Write-LogMessage -API 'Standards' -tenant $tenant -message 'Standard users are not allowed to create sites and UI setting is disabled' -sev Info } else { Write-LogMessage -API 'Standards' -tenant $tenant -message 'Standard users are allowed to create sites or UI setting is enabled' -sev Alert } } if ($Settings.report -eq $true) { Add-CIPPBPAField -FieldName 'DisableUserSiteCreate' -FieldValue $CurrentInfo.isSiteCreationEnabled -StoreAs bool -Tenant $tenant Add-CIPPBPAField -FieldName 'DisableUserSiteCreateUI' -FieldValue $CurrentInfo.isSiteCreationUIEnabled -StoreAs bool -Tenant $tenant } } ``` ### Environment data ```PowerShell Non-sponsored Front End Version Number: Back End Version Number: Tried Tenant Cache Clear: true Tried Token Cache Clear: true Also tested solution and verified functionality. ```

kerem 2026-03-02 13:44:14 +03:00

• closed this issue
• added the
  bug
  unconfirmed-by-user
  labels

kerem commented 2026-03-02 13:44:15 +03:00

Author

Owner

Copy link

@github-actions[bot] commented on GitHub (Oct 3, 2024):

Thank you for creating a bug. Please make sure your bug is indeed a unique case by checking current and past issues, and reading the complete documentation at https://docs.cipp.app/
If your bug is a known documentation issue, it will be closed without notice by a contributor. To confirm that this is not a bug found in the documentation, please copy and paste the following comment: "I confirm that I have checked the documentation thoroughly and believe this to be an actual bug."

Without confirming, your report will be closed in 24 hours. If you'd like this bug to be assigned to you, please comment "I would like to work on this please!".

<!-- gh-comment-id:2392238657 --> @github-actions[bot] commented on GitHub (Oct 3, 2024): Thank you for creating a bug. Please make sure your bug is indeed a unique case by checking current and past issues, and reading the complete documentation at https://docs.cipp.app/ If your bug is a known documentation issue, it will be closed without notice by a contributor. To confirm that this is not a bug found in the documentation, please copy and paste the following comment: "I confirm that I have checked the documentation thoroughly and believe this to be an actual bug." Without confirming, your report will be closed in 24 hours. If you'd like this bug to be assigned to you, please comment "I would like to work on this please!".

kerem commented 2026-03-02 13:44:15 +03:00

Author

Owner

Copy link

@BPT-CIPP commented on GitHub (Oct 3, 2024):

I confirm that I have checked the documentation thoroughly and believe this to be an actual bug.

<!-- gh-comment-id:2392241972 --> @BPT-CIPP commented on GitHub (Oct 3, 2024): I confirm that I have checked the documentation thoroughly and believe this to be an actual bug.

kerem commented 2026-03-02 13:44:15 +03:00

Author

Owner

Copy link

@KelvinTegelaar commented on GitHub (Oct 4, 2024):

That's great! thanks. Let us know if you're on discord and we'll give you a contributor tag!

<!-- gh-comment-id:2394378802 --> @KelvinTegelaar commented on GitHub (Oct 4, 2024): That's great! thanks. Let us know if you're on discord and we'll give you a contributor tag!

kerem commented 2026-03-02 13:44:15 +03:00

Author

Owner

Copy link

@BPT-CIPP commented on GitHub (Oct 4, 2024):

I am on discord! - mhollierbpt_51429

Thanks!

<!-- gh-comment-id:2394383027 --> @BPT-CIPP commented on GitHub (Oct 4, 2024): I am on discord! - mhollierbpt_51429 Thanks!

kerem referenced this issue 2026-03-02 13:57:25 +03:00

[PR #1444] [MERGED] Fixed GranularDelegetedAdminPrivileges spelling mistake #3232

kerem referenced this issue 2026-03-02 13:57:27 +03:00

[PR #1455] [CLOSED] Removed Exchange token from dashboard & setup #3238

kerem referenced this issue 2026-03-02 13:57:28 +03:00

[PR #1457] [MERGED] Dev to release #3240

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

main

docs

dev

dependabot/npm_and_yarn/dev/uiw/react-json-view-2.0.0-alpha.42

dependabot/npm_and_yarn/dev/tanstack/react-query-persist-client-5.96.2

dependabot/npm_and_yarn/dev/mui-tiptap-1.30.0

dependabot/npm_and_yarn/dev/tanstack/react-query-devtools-5.96.2

dependabot/npm_and_yarn/dev/recharts-3.8.1

dependabot/github_actions/dev/actions/setup-node-6.4.0

copilot/add-alert-for-report-only-ca

release/beta

release/nightly

docs-maintenance

v10.4.0

v10.3.0

v10.2.0

v10.1.0

v10.0.0

v8.8.0

v8.7.0

v8.6.0

v8.5.0

v8.4.0

v8.3.0

v8.2.0

v8.1.0

v8.0.0

v7.5.0

v7.4.0

v7.3.0

v7.2.0

v7.1.0

v7.0.1

v6.4.0

v6.3.0

v6.2.0

v6.1.0

v6.0.0

v5.9.0

v5.8.5

v5.8.0

v5.7.0

v5.6.0

v5.5.0

v5.4.0

v5.3.0

v5.2.0

v5.1.0

v5.0.0

v4.9.0

v4.8.0

v4.7.0

v.4.6.0

v4.5.0

v4.4.0

v4.3.0

v4.2.0

v4.1.0

v4.0.0

v3.8.0

v3.7.0

v3.6.0

v3.5.0

v3.4.0

v3.3.0

v3.2.0

v3.1.0

v3.0.0

v2.20.0

v2.19.0

v2.18.0

v2.17.0

v2.16.0

v2.15.0

v2.13.0

v2.12.0

v2.11.2

v2.1.11.0

v.2.10.0

v2.9.0

v2.8.0

v2.7.0

v2.6.0

v2.5.5

v2.5.0

v2.4.0

v.2.3.0

v2.2.0

v2.1.2

v2.1.1

v2.1.0

v2.0.1

2.0.0

v1.5.1

v1.5.0

v1.4.3

v1.4.2

v1.4.0

v1.3.0

v1.2.1

v1.2.0

1.1.0

release

Labels

Clear labels   

API

  

Feature

  

NotABug

  

NotABug

  

Planned

  

Sponsor Priority

  

Sponsor Priority

  

bug

  

documentation

  

duplicate

  

enhancement

  

needs more info

  

no-activity

  

no-priority

  

not-assigned

  

pull-request

Mirrored from GitHub Pull Request

  

react-conversion

  

react-conversion

  

roadmap

  

security

  

stale

  

unconfirmed-by-user

  

unconfirmed-by-user

  

wontfix

No labels

API

Feature

NotABug

NotABug

Planned

Sponsor Priority

Sponsor Priority

bug

documentation

duplicate

enhancement

needs more info

no-activity

no-priority

not-assigned

pull-request

react-conversion

react-conversion

roadmap

security

stale

unconfirmed-by-user

unconfirmed-by-user

wontfix

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/CIPP#1444

No description provided.