SOLVED

Disable Powershell management for Exchange Online for all users

%3CLINGO-SUB%20id%3D%22lingo-sub-1757600%22%20slang%3D%22en-US%22%3EDisable%20Powershell%20management%20for%20Exchange%20Online%20for%20all%20users%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1757600%22%20slang%3D%22en-US%22%3E%3CP%3EHi%2C%26nbsp%3B%3C%2FP%3E%3CP%3EI%20want%20to%20disable%20Powershell%20access%20for%20all%20users%20and%20Admin%20except%20for%20a%20single%20admin%20(myadmin)%3C%2FP%3E%3CP%3Ehow%20can%20i%20do%20this%2C%20I%20try%20doing%20this%20using%20conditional%20access%2C%20but%20did%20not%20find%20any%20thing%20to%20block%20Powershell%20access%2C%20I%20saw%20only%20the%20ActiveSync%20Client%20and%20Browser%3C%2FP%3E%3CP%3EAny%20help%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-1757600%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3E2016%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EAdmin%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EExchange%20Online%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EExchange%20Server%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3Ehybrid%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EOffice%20365%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EOutlook%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1760262%22%20slang%3D%22en-US%22%3ERe%3A%20Disable%20Powershell%20management%20for%20Exchange%20Online%20for%20all%20users%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1760262%22%20slang%3D%22en-US%22%3E%3CP%3EFor%20Exchange%20Online%2C%20best%20use%20the%20Client%20Access%20Rules%20functionality%3A%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fexchange%2Fclients-and-mobile-in-exchange-online%2Fclient-access-rules%2Fclient-access-rules%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fexchange%2Fclients-and-mobile-in-exchange-online%2Fclient-access-rules%2Fclient-access-rules%3C%2FA%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1763269%22%20slang%3D%22en-US%22%3ERe%3A%20Disable%20Powershell%20management%20for%20Exchange%20Online%20for%20all%20users%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1763269%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F58%22%20target%3D%22_blank%22%3E%40Vasil%20Michev%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3EBut%20is%20this%20doable%20using%20Azure%20AD%20Conditional%20Access%20or%20not%3F!%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1763776%22%20slang%3D%22en-US%22%3ERe%3A%20Disable%20Powershell%20management%20for%20Exchange%20Online%20for%20all%20users%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1763776%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F819940%22%20target%3D%22_blank%22%3E%40niazstinu%3C%2FA%3E%26nbsp%3Byou%20can%20disable%20powershell%20with%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3ESet-User%20-Identity%20userToDisable%20-RemotePowerShellEnabled%3A%24False%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1791666%22%20slang%3D%22en-US%22%3ERe%3A%20Disable%20Powershell%20management%20for%20Exchange%20Online%20for%20all%20users%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1791666%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F527081%22%20target%3D%22_blank%22%3E%40Pierfish%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3ESo%20Azure%20Conditional%20Access%20wont%20help%20in%20this%20case.%20yes%20%3F!%3C%2FP%3E%3C%2FLINGO-BODY%3E
Highlighted
Occasional Contributor

Hi, 

I want to disable Powershell access for all users and Admin except for a single admin (myadmin)

how can i do this, I try doing this using conditional access, but did not find any thing to block Powershell access, I saw only the ActiveSync Client and Browser

Any help

5 Replies
Highlighted
Best Response confirmed by niazstinu (Occasional Contributor)
Highlighted

@Vasil Michev 

But is this doable using Azure AD Conditional Access or not?!

 

Highlighted

@niazstinu you can disable powershell with

 

Set-User -Identity userToDisable -RemotePowerShellEnabled:$False

 

 

Highlighted

@Pierfish 

So Azure Conditional Access wont help in this case. yes ?!

Highlighted

@niazstinu not in this case because you can block completely access to Exchange with Conditional Access but you cannot discriminate between OWA and PowerShell for example