@securethelogs By default, all users have permission to read directory objects such as users, groups, applications, and service principals in their tenant via the Graph API. PowerShell and VS make direct Graph calls to Azure AD to fetch information, which is why we cannot use the same method as for the Azure Portal to restrict access to Azure AD. Restricting read permission via the Graph API would break the core functionality. So the best we can do is to restrict access to trusted locations via Conditional Access, as mentioned in the post that you shared.