In Nov 2022, Microsoft added the permission to create new tenants in the Azure portal. In fact, by default, every user registered in Azure AD can also create additional tenants.
The ability itself is not brand-new. Every user has been able to create Azure AD tenants with their corporate account ever since the Azure portal launched. It was a significant issue up until today because admins had no setting to stop it.
The administrator now has better control over this thanks to this new setting. The tenant created by the user is in no way connected to the corporate tenant, as can be seen in the end user experience below.
However, the admin of the new tenant is then the authenticated user from your tenant.
So it is the employee's problem that the admin rights for their new tenant are tied to an account managed by you, and that they lose those rights when leaving the company. Nevertheless, you can prevent users of your tenant from using their identity for this purpose.
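One way to check and switch off tenant creation for default users from PowerShell, as an added example that is not part of the original post. It assumes the Microsoft Graph PowerShell SDK is installed and that the signed-in account may change the authorization policy; the property name `allowedToCreateTenants` comes from the Microsoft Graph `authorizationPolicy` resource, not from this page.

```powershell
#Requires -Modules Microsoft.Graph.Authentication
[CmdletBinding(SupportsShouldProcess)]
param()

# Singleton authorization policy of the signed-in tenant (Microsoft Graph v1.0).
$uri = 'https://graph.microsoft.com/v1.0/policies/authorizationPolicy'

# Changing the authorization policy needs the Policy.ReadWrite.Authorization scope.
Connect-MgGraph -Scopes 'Policy.ReadWrite.Authorization' | Out-Null

# Read the current default-user permissions.
$policy  = Invoke-MgGraphRequest -Method GET -Uri $uri
$allowed = $policy.defaultUserRolePermissions.allowedToCreateTenants
Write-Host "allowedToCreateTenants is currently: $allowed"

if ($allowed -ne $false) {
    # Send only the one property that should change.
    $body = @{ defaultUserRolePermissions = @{ allowedToCreateTenants = $false } } |
        ConvertTo-Json -Depth 3

    if ($PSCmdlet.ShouldProcess('authorizationPolicy', 'Set allowedToCreateTenants to false')) {
        Invoke-MgGraphRequest -Method PATCH -Uri $uri -Body $body -ContentType 'application/json'

        # Read the policy back so a silently ignored change is caught.
        $check = (Invoke-MgGraphRequest -Method GET -Uri $uri).defaultUserRolePermissions.allowedToCreateTenants
        if ($check -ne $false) { throw "Setting was not applied (value: $check)" }
        Write-Host 'Default users can no longer create tenants.'
    }
}
else {
    Write-Host 'Nothing to change.'
}
```

Running the script with `-WhatIf` reports the current value without changing the policy.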
More information about this topic: https://itpro-tips.com/new-setting-users-can-create-azure-ad-tenants
To build apps that use the Microsoft identity platform for identity and access management, you need access to an Azure Active Directory (Azure AD) tenant.