Every user in your Office 365 is able to access Office 365 via PowerShell. Some of you think that this is a security gap. Actually, it is not. Although users are able to access to Office 365 via PowerShell, that doesn’t mean that they have Administrative rights to perform administrator tasks.
Generally, we use RBAC to give administrator right to IT team and they got Administrative PowerShell rights.
Sometimes, IT managers request that Helpdesk team may have admin access to GUI not PowerShell. They are trying to avoid some accidents:)
You may use below command to disable PowerShell access on a particular user.
to understand that the user has access, run below command in Exchange Online PowerShell
get-user -Identity “Test User” | FL RemotePowerShellEnabled
RemotePowerShellEnabled : True
In order to disable it, run below command
set-user -Identity “Test User” -RemotePowerShellEnabled $false