Raw Record Source

{
  "$type": "site.standard.document",
  "bskyPostRef": {
    "cid": "bafyreidg6475zz4gug3ktjwvgnscrropgxhafl3t6wudtjonqgwmjlk3qe",
    "uri": "at://did:plc:xxrzfynfiasdpbxteqxi4jgq/app.bsky.feed.post/3mgqop3ekkie2"
  },
  "description": "Microsoft will retire the -Credential parameter in Exchange Online PowerShell cmdlets starting July 2026, requiring organizations to migrate scripts to modern authentication methods with MFA or app-only/managed identity authentication to avoid disruptions. This enhances security by eliminating le...",
  "path": "/m365-message-center/message/mc1248389/",
  "publishedAt": "2026-03-11T01:00:14.000Z",
  "site": "https://blog.tophhie.cloud",
  "tags": [
    "-Credential parameter",
    "Connect-ExchangeOnline",
    "Connect-IppsSession",
    "Connect to Exchange Online PowerShell",
    "App-only authentication for unattended scripts in Exchange Online PowerShell and Security & Compliance PowerShell",
    "Use Azure managed identities to connect to Exchange Online PowerShell",
    "Exchange Team Blog"
  ],
  "textContent": "🚨\n\n**Major Update:** This post contains a significant change that may impact your organisation.\n\n**[Introduction]**\n\nMicrosoft is retiring the -Credential parameter used when connecting to Exchange Online PowerShell. Starting with module versions released in **July 2026 and later** , the -Credential parameter will be removed from both Connect-ExchangeOnline and Connect-IppsSession cmdlets. Organizations using this parameter in automation scripts must migrate to a supported authentication method before that date. This change improves security by moving away from legacy authentication methods that do not support modern protections such as multifactor authentication (MFA).\n\n**[When this will happen:]**\n\n  * The **-Credential parameter** will be removed from **Connect-ExchangeOnline** and **Connect-IppsSession** cmdlets in **Exchange Online PowerShell** module versions released beginning **July 2026**.\n  * A separate server-side retirement of the underlying authentication flow is planned for a later date and will be communicated in advance.\n\n\n\n**[How this affects your organization:]**\n\n**Who is affected:**\n\n  * Microsoft 365 administrators using **Exchange Online** or **Security & Compliance PowerShell**\n  * Organizations with automation scripts that use the **-Credential parameter**\n\n\n\n**What will happen:**\n\n  * If your organization uses the **-Credential parameter** in PowerShell scripts or automation workflows connecting to **Exchange Online** or **Security & Compliance PowerShell**, those scripts will break when you update to an Exchange Online PowerShell module version released beginning **July 2026**.\n  * No impact if your organization does not use the **-Credential parameter**\n\n\n\n**What you can do to prepare:**\n\n  * If you are using the **-Credential parameter** , begin migrating your scripts now. Do not wait until **July 2026**. Choose the appropriate alternative based on your scenario:\n    * **Interactive admin access:** Switch to modern authentication with MFA. Learn more: Connect to Exchange Online PowerShell.\n    * **Automation outside Azure:** Use app-only authentication (certificate-based or client secret). Learn more: App-only authentication for unattended scripts in Exchange Online PowerShell and Security & Compliance PowerShell.\n    * **Automation within Azure:** Use managed identity authentication (no secrets required). Learn more: Use Azure managed identities to connect to Exchange Online PowerShell.\n  * Review internal documentation and communicate changes to admins\n  * If you are not using the **-Credential parameter** , no action is required.\n\n\n\n**Additional information**\n\nThis change is currently **client-side only** and will not take effect automatically. Your existing scripts will continue to work if you continue using an Exchange Online PowerShell module version released before **July 2026**. The **-Credential parameter** will only be removed when you upgrade to a module version released in **July 2026 and later**.\n\nA separate **server-side retirement** of the Credential parameter authentication flow is planned for a later date. When that occurs, the **-Credential parameter** will stop functioning even on older module versions. Microsoft will communicate that timeline separately and provide advance notice before any service-side changes take effect.\n\nWe strongly recommend migrating proactively rather than waiting, to avoid disruption when either change occurs. If you have questions or concerns, contact Microsoft Support or leave a comment on the Exchange Team Blog post.\n\n**[Compliance considerations:]**\n\n**Compliance area** | **Impact**\n---|---\nConditional Access policies | Retiring the -Credential parameter removes use of the ROPC authentication flow and enables enforcement of Conditional Access and multifactor authentication for Exchange Online PowerShell connections.",
  "title": "MC1248389: Retirement of -Credential parameter when connecting to Exchange Online PowerShell",
  "updatedAt": "2026-03-11T01:00:15.129Z"
}