This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(60.8, 9%, 15%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAR%3C/text%3E%3C/svg%3E)
Hi
Looking to block access to Exchange Online PowerShell via a client access rule for all users with exception of IT staff and need to be cautious to not lock everyone out of the tenant. Can anyone advise if the below syntax looks right to block all users with exception of specific accounts. This is cloud only, no hybrid:
New-ClientAccessRule -Name "Deny Access to RemotePowerShell" -Action DenyAccess -AnyOfProtocols RemotePowerShell -Enabled $true -UsernameMatchesAnyOfPatterns * -ExceptUsernameMatchesAnyOfPatterns *user1,*user2 -Priority 8 -Scope Users
Thanks in advance
A cloud-based service included in Microsoft 365, delivering scalable messaging and collaboration features with simplified management and automatic updates.
Answer accepted by question author
You can use the Test-ClientAccessRule to check this. As a best practice, you should add a default "allow Remote PowerShell" rule and scope it to at least few users.
Thank you Michev. The plan was to create an allow rule with priority 1 to allow access to 2 IT staff and then create the deny rule.