Issue Summary

This is reproducible on Data Center: (yes) / (no)

Current

Individual members of a claimed domain can create Atlassian cloud instances. The domain owner/admin are just notified that these instance are being created but there is no path to block all future sign ups from members of that domain. The pain for the IT/Security team is that shadow IT continues to thrive and there is no easy way to enforce security/compliance as it difficult to get hold of owners of those newly created orgs.  

Desired 

Ideally, once a domain is claimed, no further sign ups for new orgs should be possible. Instead, those users should be redirected to contact their own IT team.