Microsoft To Block Remote PowerShell for Exchange Online in 2023

Microsoft is phasing out the use of Remote PowerShell for Exchange Online, and will block its use next year.

Remote PowerShell for Exchange Online will get blocked starting on June 1, 2023, per a Thursday Microsoft announcement. The announcement included deadlines for IT pros to switch to the latest Exchange Online PowerShell module instead.

IT pros should switch to using the Exchange Online PowerShell version 3 module, which provides "REST-based APIs," Microsoft advised. The Exchange Online PowerShell v3 module reached the "general availability" commercial-release stage back in September.

Microsoft had described the Exchange Online PowerShell v3 module back then as being "more secure" than earlier modules (v1 and v2). It supports so-called "Modern Authentication" (for instance, it permits multifactor authentication for user ID verifications). In contrast, Remote PowerShell for Exchange Online depends on using "Basic Authentication" (a simple user name plus password approach).

Microsoft had also suggested that the Exchange Online PowerShell v3 module was more reliable than earlier modules because it adds a query retry capability. It offers better performance as well, because it "avoids setting up a PowerShell run space," Microsoft argued.

Microsoft has already started "deprecating" Remote PowerShell for Exchange Online versions 1 and 2, which means they "will no longer receive feature updates." The deprecations will be complete, respectively, in January and July, 2023.

"After July 1, customers will not be able to use RPS [Remote PowerShell] when connecting to Exchange Online and will have to use the v3 module with REST cmdlets instead," the announcement indicated.

Rationales for deprecating Remote PowerShell for Exchange Online weren't given in the announcement. Microsoft likely is just completing its efforts to end the use of Basic Authentication with Exchange Online, which is seen as being subject to password spray attacks (guessing commonly used passwords).

Microsoft had indicated in September that Basic Authentication for Exchange Online would be turned off for end users in organizations starting on Oct. 1, 2022. Basic Authentication use for end users will reach a permanent end on Jan. 1, 2023, Microsoft had indicated back then.

About the Author

Kurt Mackie is senior news producer for 1105 Media's Converge360 group.


comments powered by Disqus

Subscribe on YouTube