Context
To limit the ability of hackers to perform large-scale actions on mailboxes if/when they break in. Such an action can be mitigated by removing the ability to use PowerShell from users who will not need it for day-to-day email usage. Removing from administrators may limit your ability to use automation tools.
Office Protect setting
In the Set section, you can configure one of the following options when you apply the setting:
- Remove from non-Admin: Powershell scripting will be disabled for all non-admin users.
- Grant to all users: Powershell scripting will be enabled for all users.
- Do not modify (Ignore): We will not monitor nor attempt to modify the user’s ability to use Powershell. We recommend using this option if you want to customize the user’s access to PowerShell. Warning: Users have PowerShell scripting enabled by default upon creation.
In Microsoft
This setting can only be applied through Exchange Online Powershell (see Microsoft’s documentation below).
Microsoft’s documentation on Access to Exchange Online Powershell: https://docs.microsoft.com/en-us/powershell/exchange/disable-access-to-exchange-online-powershell?view=exchange-ps