Microsoft to Replace SharePoint Online PowerShell Module Authentication with OAuth
Microsoft is replacing the legacy IDCRL authentication in SharePoint Online PowerShell with OAuth.
Published: Mar 17, 2025
Key Takeaways:
- Microsoft is upgrading SharePoint Online PowerShell authentication by replacing the legacy IDCRL protocol with OAuth.
- OAuth enhances security by using tokens instead of passwords to reducing the risk of credential theft.
- Administrators should update their SharePoint Online PowerShell module to a version higher than 16.0.25814.12000.
Microsoft is making an important security upgrade to the SharePoint Online PowerShell module by replacing the outdated IDCRL authentication protocol with OAuth. This change, set to take effect on March 28, 2025, enhances security and aligns with modern authentication standards, ensuring a safer and more efficient admin experience.
IDCRL (Identity Client Run Time Library) is an older authentication protocol used to verify user credentials and manage tokens for accessing services. It was used by applications such as Lync 2010 Server, Exchange Online, and Office desktop apps. This protocol handles the authentication process by interacting with Microsoft’s authentication servers to verify credentials.
Microsoft regularly updates the SharePoint Online PowerShell module with new cmdlets and features. Starting March 28, 2025, all versions released after this date (specifically versions higher than 16.0.25814.12000) will use OAuth for authentication.
“Starting with the March 28, 2025 version of SharePoint Online Management Shell, requests using the Connect-SPOService cmdlet will be automatically authenticated with the new OAuth protocol. This update does not change existing admin flows and no other admin action is required,” Microsoft explained.
Microsoft adopts OAuth for safer and more efficient authentication
Microsoft mentioned that this change is part of its ongoing efforts to boost security and adopt modern authentication practices. OAuth (Open Authorization) is a modern authentication protocol designed to offer secure access to resources without sharing user credentials directly. It allows users to grant third-party apps limited access to their resources without exposing their credentials. OAuth uses tokens instead of passwords to reduce the risk of credential theft.
Microsoft notes that administrators can download the latest version of the SharePoint Online management module from the Microsoft Download Center. They can check the existing version of SharePoint Online Management Shell by running the following command in PowerShell: Get-Module -Name Microsoft.Online.SharePoint.PowerShell -ListAvailable | Select-Object Name, Version.