Microsoft To Block Remote PowerShell for Exchange Online in 2023 -- Redmondmag.com

Microsoft To Block Remote PowerShell for Exchange Online in 2023

By Kurt Mackie
12/15/2022

Microsoft is phasing out the use of Remote PowerShell for Exchange Online, and will block its use next year.

Remote PowerShell for Exchange Online will get blocked starting on June 1, 2023, per a Thursday Microsoft announcement. The announcement included deadlines for IT pros to switch to the latest Exchange Online PowerShell module instead.

IT pros should switch to using the Exchange Online PowerShell version 3 module, which provides "REST-based APIs," Microsoft advised. The Exchange Online PowerShell v3 module reached the "general availability" commercial-release stage back in September.

Microsoft had described the Exchange Online PowerShell v3 module back then as being "more secure" than earlier modules (v1 and v2). It supports so-called "Modern Authentication" (for instance, it permits multifactor authentication for user ID verifications). In contrast, Remote PowerShell for Exchange Online depends on using "Basic Authentication" (a simple user name plus password approach).

Microsoft had also suggested that the Exchange Online PowerShell v3 module was more reliable than earlier modules because it adds a query retry capability. It offers better performance as well, because it "avoids setting up a PowerShell run space," Microsoft argued.

Microsoft has already started "deprecating" Remote PowerShell for Exchange Online versions 1 and 2, which means they "will no longer receive feature updates." The deprecations will be complete, respectively, in January and July, 2023.

"After July 1, customers will not be able to use RPS [Remote PowerShell] when connecting to Exchange Online and will have to use the v3 module with REST cmdlets instead," the announcement indicated.

Rationales for deprecating Remote PowerShell for Exchange Online weren't given in the announcement. Microsoft likely is just completing its efforts to end the use of Basic Authentication with Exchange Online, which is seen as being subject to password spray attacks (guessing commonly used passwords).

Microsoft had indicated in September that Basic Authentication for Exchange Online would be turned off for end users in organizations starting on Oct. 1, 2022. Basic Authentication use for end users will reach a permanent end on Jan. 1, 2023, Microsoft had indicated back then.

About the Author

Kurt Mackie is senior news producer for 1105 Media's Converge360 group.

Featured

Multi-Tenant Organization Hooks Released for Microsoft 365

Microsoft Entra ID's new multi-tenant organization capabilities have reached general availability (GA).
Real-World Ransomware Recovery

Here's how I was (mostly) successful in recovering a family PC infected with malware.
Microsoft Launches Small AI Models Family Phi-3

Recognizing that bigger isn't always better, Microsoft has released its smallest open AI models to date, Phi-3.
Microsoft and OpenAI Continue Global AI Expansions

Microsoft and OpenAI each continued their global expansion this month, with the announcements of new infrastructure investments and service rollouts in new regions, like Asia and the Middle East.
Cisco Warns of Brute Force Attacks Targeting VPNs and Firewalls

Cisco has revealed that a global increase in brute force attacks targeting Virtual Private Networks (VPNs) and other devices is currently taking place.