Limit PowerShell Module Access

Limiting access to administrative PowerShell Modules #

Written: 02/26/25
PROMPT: You want to limit access to specific PowerShell Modules to a defined security group for your tenant.

Resources: #

Microsoft EDU Script
Microsoft Learn Article on Script

Prerequisites: #

  • Have the MS Graph PowerShell Module installed on your computer.
  • Be a Global Administrator in your M365 tenant.
  • Get the script from the Pointless Findings GitHub here.

Notes: #

This script will restrict the following PowerShell Modules:

  • MSOL
  • AzureAD
  • MS Graph
  • EXOv3
  • SharePoint
  • Teams
  • Universal Print
  • Az
  • AzureRM
  • PowerApps
  • ADRM
  • AIPService
  • Power BI

Steps: #

  1. Open Entra Admin center and create a new group, or utilize a current group.
  2. Copy the ObjectId of the group and provide it as a parameter for the script.
  3. Run the script in PowerShell and follow through the prompts to authenticate.
  4. Once the script is complete, you should have limited access to just the group specified.