Microsoft Removes Remote PowerShell for Compliance Sessions

Following the removal of Remote PowerShell connections for Exchange Online, Microsoft is removing Remote PowerShell for the compliance endpoint. The change to REST-based cmdlets is expected to deliver better performance and reliability. The changes are implemented in V3.2 of the Exchange Online management module, which should be available on May 1.

Exchange Online to Stop Support for Remote PowerShell Connections in September 2023

Microsoft has announced that Exchange Online will block Remote PowerShell connections from October 1, 2023. Taken in isolation, this is excellent news and it will contribute to the move to use modern authentication for all client connections to Exchange Online. However, things aren’t quite so good when you realize that the final deprecation of the Azure AD and MSOL PowerShell modules take place at the same time. Lots of work to do to upgrade scripts!

Countdown Accelerating to the Big Basic Authentication Turnoff

October 1, 2022, is when Microsoft begins the final process of removing support for basic authentication for 7 email connection protocols from Exchange Online. The process will take several months to complete, and when it’s done, Office 365 will be a safer place that attackers will find more difficult to penetrate. But it’s time for tenants to prepare, if you haven’t already done so, and we highlight some critical points from Microsoft’s most recent post on this topic.

Exchange Online Adjusts Schedule for Removal of Basic Authentication

Microsoft wants to remove basic authentication from Exchange Online connection protocols. But pressures have forced Microsoft into a new strategy and away from the mid-2021 date for deprecation of basic authentication for five protocols. Instead, Microsoft will disable basic authentication for protocols where it’s not used, include four addition protocols in its target set, and pause action for tenants where basic authentication is in active use. When they restart, Microsoft will give tenants 12 months’ notice that basic authentication will be blocked for a protocol. You can argue that Microsoft should have pressed ahead with their original plan, but would widespread disruption of service be worth the benefit gained from blocking vulnerable protocols? Balancing risk versus reward is often not easy.