Disable Remote PowerShell for Office365 Users

For one reason or another, you may want to disable remote PowerShell access for all the users in your organisation.
The main reason for doing so would be to prevent ‘reconnaissance’ type attacks whereby a user will try to gain information about your network/organisation/topology/system etc by simply running (in this case) PowerShell queries against your organisation.

By default, users (all, including non-admins) will have remote PowerShell access to your organisation (Exchange online, etc).
Non-administrators have a limited set of commands they can run in PowerShell but the fact that they can access these commands in the first place pops up a red flag (what if a new command was introduced and was inadvertently accessible to all users?)

The command below turns off remotePowerShell for a particular user. You can amend this to disable PowerShell for all user’s but remember to exclude (-ne) the Administrator account!!!

Set-User -Identity "User Alias" -RemotePowerShellEnabled $false

This entry was posted in Tech and tagged , , , . Bookmark the permalink.

Comments are closed.