PowerShell's execution policy adds another layer of security to administrators. The default setting prevents executing scripts in order to be able to support automation, modules, or complex scripts. There are two other settings, that allow us to run scripts as long as they are signed.

Prevention of code execution is not the ultimate goal of these execution policy settings. A malicious agent may simply copy the remote script and execute it by copying and pasting the code in a PowerShell Terminal. The signed script's goal is to guarantee that the source of it is known and trusted and that the contents of the script code have not been tampered with.

Being able to validate the signature of a script allows some flexibility, such as being able to download scripts from a file share or web location. As long as the private key used to sign the scripts is kept safe by the author and the public key of the certificate is valid and remains trusted, the consumer can validate that the contents of the scripts are from the author and they have not been modified after being signed.

An Office 365 administrator will either author scripts or manage scripts created by developers or third-parties. In either case, the task is to establish a secure means of storing and executing scripts.