Microsofts recommendation is not to block PowerShell completely, as it is required for many operating system and system management tasks. Microsoft does not recommend blocking PowerShell on server systems. Deploying Device Guard / Application Control policies to allow pre-approved administrative tasks to use the full capability of the. PowerShell language. Deploys Windows 10 to give your antivirus provider full access to all content processed by Windows Scripting Hosts including PowerShell. Implement Just Enough Administration on high-value systems to eliminate or reduce unconstrained administrative access to those systems.”]
Source: https://devblogs.microsoft.com/powershell/defending-against-powershell-attacks/

