Leaving PowerShell access open in Entra ID can expose your tenant to unnecessary risk.
If you haven’t restricted access to PowerShell-related enterprise applications yet, now is the time to review your configuration.
What to check
Navigate to:
Entra ID → Enterprise Applications
Search for “PowerShell” and clear the Application Type = Enterprise Applications filter.
Repeat this process for:
- Graph Command Line Tools
- Graph Explorer
How to lock it down
For each PowerShell or Graph-related application:
- Go to Properties
- Set Assignment required to Yes
- Go to Users and groups
- Assign an Entra ID security group containing only approved users
With this configuration in place, any user who attempts to sign in without being a member of an assigned security group will be blocked by default.
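The same audit and lockdown can be scripted with the Microsoft Graph PowerShell SDK. This is an added example, not part of the original post; the group name is a hypothetical placeholder, and it assumes the matched applications define no app roles of their own, so the default access role ID applies.

```powershell
# Added example: needs the Microsoft.Graph module and an admin sign-in.
# Run without -Enforce to audit only; with -Enforce to apply the lockdown.
param(
    [string]$GroupName = 'SG-Approved-PowerShell-Users',  # hypothetical group name
    [switch]$Enforce
)

Connect-MgGraph -Scopes 'Application.ReadWrite.All',
                        'AppRoleAssignment.ReadWrite.All',
                        'Group.Read.All'

# Same searches as the portal steps: "PowerShell" plus the two Graph tools.
$terms = 'PowerShell', 'Graph Command Line Tools', 'Graph Explorer'
$apps = foreach ($t in $terms) {
    Get-MgServicePrincipal -Search "`"displayName:$t`"" -ConsistencyLevel eventual -All
}
$apps = $apps | Sort-Object Id -Unique

# Audit: AppRoleAssignmentRequired = False means any user in the tenant can sign in.
$apps | Select-Object DisplayName, AppId, AppRoleAssignmentRequired |
    Format-Table -AutoSize

if (-not $Enforce) { return }

$group = Get-MgGroup -Filter "displayName eq '$GroupName'"
if (@($group).Count -ne 1) { throw "Expected exactly one group named '$GroupName'." }

foreach ($sp in $apps) {
    # Assign the group BEFORE requiring assignment, so approved users
    # (including the admin running this script) are not locked out.
    $existing = Get-MgServicePrincipalAppRoleAssignedTo -ServicePrincipalId $sp.Id -All |
        Where-Object PrincipalId -eq $group.Id
    if (-not $existing) {
        New-MgServicePrincipalAppRoleAssignedTo -ServicePrincipalId $sp.Id -BodyParameter @{
            principalId = $group.Id
            resourceId  = $sp.Id
            # Default access role; assumes the app declares no app roles.
            appRoleId   = '00000000-0000-0000-0000-000000000000'
        } | Out-Null
    }
    # Equivalent of "Assignment required = Yes" on the Properties blade.
    Update-MgServicePrincipal -ServicePrincipalId $sp.Id -AppRoleAssignmentRequired:$true
    Write-Host "Locked down: $($sp.DisplayName)"
}
```

Review the audit table before running with `-Enforce`, since the "PowerShell" search can also match applications you did not intend to restrict.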
This is a simple but effective step to strengthen identity and application security across your Microsoft 365 environment.
#Entra #EntraID #M365 #PowerShell #IdentitySecurity #AppSec #CyberSecurity #ApplicationSecurity #IAM
