By Default Azure Active directory doesn’t restrict their users from creating their own organizations. This is a kind of security risk which would allow anyone to create their own organizations and siphon of the code or other data from the parent organization to their own organization. To prevent this from happening, follow the below which would explain in detail on how to restrict Active Directory users from creating their own organization (The user should have Azure DevOps Administrator role)
Step 1: Go to Organization Settings
Step 2: Click on Azure Active Directory
Step 3: Then on the right pane restrict the users from creating Azure DevOps organization by toggling the policy settings as shown below
Step 4: There is allow list which would allow only certain users part of the Azure Active Directory to create organization. This list should be kept to generally kept to minimum.