Share via

Is there a way to block "Microsoft Azure PowerShell" for all users?

Andy Goldberg 0 Reputation points
2024-03-14T20:59:31.23+00:00

Greetings,

I'm afraid that this one can't be blocked by design, but I will ask anyway. Is there a way to block login attempt from Microsoft Azure PowerShell? We are constantly probed from all around the world, and I can't see to figure out how to block this. We are blocking all unused apps via Conditional Access Rules, plus there is a geolocation filter, but it kicks in only after successful authentication.

azure_powershell

azure_powershell2

Azure Information Protection
Azure Information Protection

An Azure service that is used to control and help secure email, documents, and sensitive data that are shared outside the company.

Microsoft Security | Microsoft Defender | Microsoft Defender for Cloud
Microsoft Security | Intune | Security
Microsoft Security | Microsoft Entra | Microsoft Entra ID
Microsoft Security | Microsoft Entra | Other
0 comments

3 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. PauloNogueira-0197 40 Reputation points
    2026-03-23T11:09:59.02+00:00

    **CA policies can only target apps that have a service principle registered. To fix this you need to create a service principle using GraphApi/Explorer or PowerShell.

    Step 1 — Create the service principal via Graph Explorer:**

    Method: POST

    URL: https://graph.microsoft.com/v1.0/servicePrincipals

    Body:

    { "appId": "1b730954-1685-4b74-9bfd-dac224a7b894" }

    
**Step 2 — Create CA policy using Graph Explorer (REPORT ONLY FIRST, THEN ENABLE)**

Method: POST

URL: https://graph.microsoft.com/v1.0/identity/conditionalAccess/policies

Body:


```json
{
  "displayName": "Block App 
  "state": "enabledForReportingButNotEnforced",
  "conditions": {
    "clientAppTypes": ["all"],
    "applications": {
      "includeApplications": ["1b730954-1685-4b74-9bfd-dac224a7b894"],
      "excludeApplications": []
    },
    "users": {
      "includeUsers": ["All"],
      "excludeUsers": [],
      "excludeGroups": [],
      "excludeRoles": []
    }
  },
  "grantControls": {
    "operator": "OR",
    "builtInControls": ["block"]
  }
}
    0 comments
  2. Gudivada Adi Navya Sri 21,095 Reputation points Moderator
    2024-03-22T13:52:15.05+00:00

    Hi @Andy Goldberg

    Thank you for posting this in Microsoft Q&A.

    I understand that you want to know way to block "Microsoft Azure PowerShell" for all users.

    You can use conditional access policy or script to block Microsoft Azure PowerShell for all users in Entra. I noticed that you have already tried the conditional access policy.

    Please follow the steps which mentioned in this document: Blocking Powershell

    Hope this helps. Do let us know if you any further queries.

    Thanks,

    Navya.

  3. Marcin Policht 86,615 Reputation points MVP Volunteer Moderator
    2024-03-14T22:20:38.0766667+00:00

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.