diff --git a/src/vs/workbench/contrib/terminal/common/scripts/shellIntegration.ps1 b/src/vs/workbench/contrib/terminal/common/scripts/shellIntegration.ps1
index 3c37defc7b28e..b65e3bf007702 100644
--- a/src/vs/workbench/contrib/terminal/common/scripts/shellIntegration.ps1
+++ b/src/vs/workbench/contrib/terminal/common/scripts/shellIntegration.ps1
@@ -10,7 +10,28 @@ if ((Test-Path variable:global:__VSCodeState) -and $null -ne $Global:__VSCodeSta
 
 # Disable shell integration when the language mode is restricted
 if ($ExecutionContext.SessionState.LanguageMode -ne "FullLanguage") {
-	return;
+	$LanguageMode = $ExecutionContext.SessionState.LanguageMode
+	if ($LanguageMode -ne "ConstrainedLanguage") {
+		return;
+	}
+	try {
+		# PowerShell 7.4+ supports audit-only constrained language mode, which is safe to run.
+		# Older PowerShell versions do not have SystemPolicy/GetSystemLockdownPolicy, so block.
+		$SystemPolicyType = [Type]::GetType("System.Management.Automation.Security.SystemPolicy, System.Management.Automation", $false)
+		if (-not $SystemPolicyType) {
+			return;
+		}
+		$SystemPolicyMethod = $SystemPolicyType.GetMethod("GetSystemLockdownPolicy")
+		if (-not $SystemPolicyMethod) {
+			return;
+		}
+		$Lockdown = $SystemPolicyMethod.Invoke($null, $null)
+		if ($Lockdown -and $Lockdown.ToString() -ne "Audit") {
+			return;
+		}
+	} catch {
+		return;
+	}
 }
 
 $Global:__VSCodeState = @{