To limit the ability of hackers to perform large-scale actions on mailboxes if/when they break in. Such an action can be mitigated by removing the ability to use PowerShell from users who will not need it for day-to-day email usage. Removing from administrators may limit your ability to use automation tools.
This setting can only be applied through PowerShell (see Microsoft’s documentation below).
You can configure one of the following options when you apply Settings:
- Remove from non-Admin: Powershell scripting will be disabled for all non-admin users.
- Grant to all users: Powershell scripting will be enabled for all users.
- Do not modify (Ignore): We will not monitor nor attempt to modify the user’s ability to use Powershell. We recommend using this option if you want to customize the user’s access to PowerShell. Warning: Users have PowerShell scripting enabled by default upon creation.
This setting can only be enabled through Exchange Online Powershell.
Microsoft’s documentation on Access to Exchange Online Powershell: https://docs.microsoft.com/en-us/powershell/exchange/disable-access-to-exchange-online-powershell?view=exchange-ps