Microsoft To Block Remote PowerShell Next Month for New Exchange Online Tenancies
Microsoft has accelerated its Remote PowerShell for Exchange Online deprecation plans a bit for new tenancies, with plans to block its use on April 1, 2023, according to a Tuesday announcement.
Organizations currently using Remote PowerShell for Exchange Online already face a June 1, 2023 block date, which Microsoft had announced back in December. Apparently, that June end date still holds true for those organizations, as Microsoft hasn't changed its messaging. The more acute April 1 (no joke) Remote PowerShell end date just appears to pertain to new Exchange Online subscribers.
As mentioned back in December, Microsoft wants IT pros to switch to using the Exchange Online PowerShell version 3 module using REST-based APIs, instead of using Remote PowerShell. The version 3 module was described as being "more secure and more reliable than the older PowerShell modules," namely versions 1 and 2. New Exchange Online tenancies will only be able to use the version 3 module after April 1.
The Tuesday announcement acknowledged possible IT pain with this planned switch to the Exchange Online PowerShell version 3 module. It'll be possible to request an extension at some point, the announcement suggested:
We heard your concerns related to deprecation timelines. We will soon release a tool to allow tenant admins to request an extension to use RPS for a little longer. We will keep you posted.
Microsoft is killing off Remote PowerShell for Exchange Online for security reasons. It uses Basic Authentication (user name plus password), which is subject to "password spray" attacks (guessing commonly used passwords across an organization). Basic Authentication also lacks support for multifactor authentication, a secondary means of verifying a user's identity.
Kurt Mackie is senior news producer for 1105 Media's Converge360 group.