Microsoft announced yesterday that it’s blocking the use of Remote PowerShell (RPS) protocol for Exchange Online in June 2023. The company recommends organizations to plan their migrations to the latest Exchange Online PowerShell module.
In October, Microsoft started killing off Basic Authentication support for Exchange Online customers to prevent password spray attacks. This change applies to seven email connection protocols including RPC, Exchange Web Services (EWS), MAPI, Exchange ActiveSync (EAS), Offline Address Book (OAB), IMAP, POP, and Remote PowerShell (RPS). However, many IT admins still use RPS with Basic Authentication to communicate with Exchange Online.
Microsoft released the REST-based Exchange Online PowerShell v3 module back in September 2022. The company claims that it’s more secure as compared to older modules (v1 and v2) because it supports modern authentication. Moreover, the Exchange Online PowerShell v3 module is reliable because it comes with a query retry feature and brings performance improvements.
“As we continue to enhance the security of our cloud, our plan is to move the Exchange Online admin experience to REST-based APIs. As part of that plan, we will be deprecating the legacy RPS protocol. The RPS deprecation plan applies to all Exchange Online customers using RPS in any way (using PS module or otherwise),” the Exchange team explained.
Microsoft has already started the deprecation of the Exchange Online PS v1 and v2 modules versions 1 and 2. Going forward, the company will no longer release feature updates for these modules. Microsoft expects to complete the deprecation process in January and July 2023, respectively.
If you’re still using RPS for Exchange Online connections, Microsoft advises switching to the REST-based v3 module and using REST cmdlets instead. You can check out the Exchange blog for more details.