To run scripts and cmdlets in Exchange Online, you need to connect to your organization with PowerShell. If you’re still using New-PSSession
or a legacy ExchangeOnlineManagement module, you need to update your methods, and do it quick. I’ll show you how to update Exchange Online PowerShell module to EXO V3 module, why the change is needed and how much time you have left.
When to update
Microsoft announced that they will start to block RPS (Remote PowerShell) Protocol in Exchange Online on June 1, 2023. The protocol should be completely deprecated for all tenants on July 1, 2023.
To translate it to simpler terms, starting July 1, 2023, you will need to use Exchange Online Management PowerShell V3 module. If you do not take any steps before this date, you might lose connection to your admin’s toolbox and your Exchange Online scripts might stop working.
After the final deadline, you won’t be able to use the -UseRPSSession
switch while connecting to Exchange Online with the Connect-ExchangeOnline cmdlet. The parameter grants you access to all existing (remote) PS cmdlets in Exchange Online PowerShell.
How to prepare for the change
If you’re using PowerShell to manage Exchange Online, you need to use the relatively new v3 Exchange Online Management module. The module is in Global Availability now and it’s best to install it right now.
Update Exchange Online PowerShell module
This Microsoft article states that the V2 Exchange Online Management module is dying. This official guide recommends you uninstall the old EXO module and then install the new one. I’m sure there is a valid reason to push admins down this path, but I find it easier to simply update the old module. The only side-effect of this method was that I’ve seen a double IntelliSense suggestion for e.g. Connect-ExchangeOnline
. The side effect prevailed for about 5 minutes after restarting the Windows PowerShell ISE, so I wouldn’t exactly call it troublesome.
So, to update the Exchange Online PowerShell module, simply run your Exchange Online PowerShell console with admin permissions and use the following cmdlet:
Update-Module -Name ExchangeOnlineManagement
Once you agree to everything, the new and shiny V3 module should install in a moment.
If, for some reason, you’re unable to run an update this way, you can uninstall the old module with:
Uninstall-Module ExchangeOnlineManagement
and install a new one from the PowerShell gallery.
How to connect to Exchange Online with PowerShell
In short, you need to use Connect-ExchangeOnline
and stop using New-PSSession
for Exchange Online connections. That’s old news, though. I’ve recommended switching to the new method long ago in How to connect to Exchange Online with PowerShell.
The new method supports MFA, is more secure and, most importantly, will work after July 1, 2023.
About Exchange Online PowerShell V3 module
Now that you’re ready for the upcoming change, there’s the question of why the change is needed. What’s the big deal? How is the V3 module better?
The change can be summed up with one keyword: security. RPS (Remote PowerShell) Protocol used in New-PSSession
or with the -UseRPSSession
switch requires Basic authentication in WinRM on the client computer.
Some time ago, I posted about how Microsoft planned (and executed) blocking basic authentication in Microsoft 365. Despite all those long-going efforts, there are still some loose ends. While the V3 module ties some of them (like the need to enable basic authentication in WinRM for ExO connections), there are still some left. Let me quote the Microsoft’s page:
“… All cmdlets in Security & Compliance PowerShell still rely on the remote PowerShell session, so PowerShell on your client computer requires Basic authentication in WinRM to successfully use the Connect-IPPSSession cmdlet.”
Forcing admins to switch to EXO V3 module is a good step forward.
Another thing is that V3 (like the V2 module) is backed by the REST API. However, according to this Microsoft’s website, the new, REST API-powered cmdlets have the same names and work just like their legacy equivalents. What’s more, they should have better security, performance and reliability. Theoretically, there’s no need to update any scripts after you change the way you connect to PowerShell. However, if you come across any problems, or have any concerns, Microsoft provides a dedicated email address to hear them: [email protected].
CodeTwo sp. z o.o. sp. k. is a controller of your personal data.
See our Privacy Policy to learn more.