Disable powershell for users on Microsoft 365

%3CLINGO-SUB%20id%3D%22lingo-sub-1543726%22%20slang%3D%22en-US%22%3EDisable%20powershell%20for%20users%20on%20Microsoft%20365%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1543726%22%20slang%3D%22en-US%22%3E%3CP%3EHi%3C%2FP%3E%3CP%3EIs%20it%20possible%20to%20block%20user's%20access%20to%20powershell%20in%20Microsoft%20365.%20We%20would%20like%20to%20block%20our%20students%20from%20being%20able%20to%20run%20cmdlets%20like%26nbsp%3BGet-MSolRole%2C%20GetMSolRoleMember%20or%20retrieving%20a%20full%20list%20of%20users.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ERegards%3C%2FP%3E%3CP%3EAndrew%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-1543726%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EMicrosoft%20365%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EPowerShell%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1543754%22%20slang%3D%22en-US%22%3ERe%3A%20Disable%20powershell%20for%20users%20on%20Microsoft%20365%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1543754%22%20slang%3D%22en-US%22%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fpowershell%2Fexchange%2Fdisable-access-to-exchange-online-powershell%3Fview%3Dexchange-ps%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fpowershell%2Fexchange%2Fdisable-access-to-exchange-online-powershell%3Fview%3Dexchange-ps%3C%2FA%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1543761%22%20slang%3D%22en-US%22%3ERe%3A%20Disable%20powershell%20for%20users%20on%20Microsoft%20365%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1543761%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F333418%22%20target%3D%22_blank%22%3E%40DeepakRandhawa%3C%2FA%3E%2C%20Thanks%2C%20I%20already%20tried%20this%20but%20does%20not%20seem%20to%20impact%20the%20MSol%20module%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1543786%22%20slang%3D%22en-US%22%3ERe%3A%20Disable%20powershell%20for%20users%20on%20Microsoft%20365%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1543786%22%20slang%3D%22en-US%22%3Econsider%20disabling%20PS%20on%20the%20machines%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1544060%22%20slang%3D%22en-US%22%3ERe%3A%20Disable%20powershell%20for%20users%20on%20Microsoft%20365%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1544060%22%20slang%3D%22en-US%22%3EHave%20you%20tried%20below%20already%3A-%3CBR%20%2F%3E%3CBR%20%2F%3ESet-MsolCompanySettings%20-UsersPermissionToReadOtherUsersEnabled%20%24false%3CBR%20%2F%3E%3CBR%20%2F%3EIt%20should%20prevent%20users%20from%20retrieving%20a%20full%20list%20of%20users%2C%20however%20Get-MsolRole%20still%20seem%20to%20work.%3CBR%20%2F%3EThis%20cmdlet%20disable%20users'%20ability%20to%20use%20the%20Azure%20AD%20module%20for%20Windows%20PowerShell%20to%20access%20user%20information%20for%20their%20organization.%3CBR%20%2F%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fpowershell%2Fmodule%2Fmsonline%2Fset-msolcompanysettings%3Fview%3Dazureadps-1.0%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fpowershell%2Fmodule%2Fmsonline%2Fset-msolcompanysettings%3Fview%3Dazureadps-1.0%3C%2FA%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1547045%22%20slang%3D%22en-US%22%3ERe%3A%20Disable%20powershell%20for%20users%20on%20Microsoft%20365%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1547045%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F333418%22%20target%3D%22_blank%22%3E%40DeepakRandhawa%3C%2FA%3E%2C%20yes%20I%20have%20tried%20this.%20However%2C%20it%20negatively%20affects%20the%20users%20ability%20to%20add%20participants%20to%20a%20meeting%2C%20Team%20etc.%2C%20as%20searching%20for%20a%20user%20is%20not%20possible.%3C%2FP%3E%3C%2FLINGO-BODY%3E
New Contributor

Hi

Is it possible to block user's access to powershell in Microsoft 365. We would like to block our students from being able to run cmdlets like Get-MSolRole, GetMSolRoleMember or retrieving a full list of users.

 

Regards

Andrew

4 Replies

@DeepakRandhawa, Thanks, I already tried this but does not seem to impact the MSol module

 

Have you tried below already:-

Set-MsolCompanySettings -UsersPermissionToReadOtherUsersEnabled $false

It should prevent users from retrieving a full list of users, however Get-MsolRole still seem to work.
This cmdlet disable users' ability to use the Azure AD module for Windows PowerShell to access user information for their organization.
https://docs.microsoft.com/en-us/powershell/module/msonline/set-msolcompanysettings?view=azureadps-1...

@DeepakRandhawa, yes I have tried this. However, it negatively affects the users ability to add participants to a meeting, Team etc., as searching for a user is not possible.