Ensure your AAD Users can't create AD Tenants!!
I do understand distributed management and delegation, but this seems like a step too far. There is a new setting that allows users to be able to create their own Azure AD tenants. While it is a great privilege and setting to have, why ‘Yes’ would be the default choice is an interesting default and I would like to understand the rationale behind that.
Save your future self from a number of headaches, just select no.