Sometimes there arises a scenario where you may want to disable remote PowerShell access for your users in Office 365. The main reason for doing so would be to prevent rogue admins, users, or even compromised user accounts from being able to do anything malicious with your tenant.

By default, all users will have remote PowerShell access to your Office 365 Organization. Now RBAC Policies prevent them from doing a whole lot (if they are non-administrative users). However if an account gets compromised there could be issues.

The cmdlet below turns off remote PowerShell for a particular user. You can use this to disable PowerShell for all user’s but remember to do not include the Administrators account or you will not be able to run the Hybrid Configuration Wizard or do any management to the Office 365 Tenant that would require you to use PowerShell and make for a very bad day.

 Set-User -Identity <ALIAS> -RemotePowerShellEnabled:$False


Filed under: Office 365, PowerShell