Microsoft has postponed the removal of the -Credential parameter from Exchange Online PowerShell cmdlets until December 2026, giving admins additional time to modify automation workflows ahead of impending changes to authentication methods.

  • Microsoft delays -Credential parameter removal until December 2026
  • Admins warned to update scripts as password-based auth is deprecated
  • Server-side authentication retirement planned after module update

What happened

Microsoft has officially delayed the retirement of the -Credential parameter in Exchange Online PowerShell modules from July 2026 to December 2026. This parameter allows administrators to authenticate with stored usernames and passwords when connecting to Exchange Online PowerShell, a practice now discouraged in favor of more secure authentication methods.

The delay means that the parameter will remain functional in Exchange Online PowerShell module updates released before December 2026, but any module version released starting in December will not support it. The company took this action due to customer feedback, acknowledging that many organizations require additional time to update and validate automation workflows that rely on this legacy authentication method.

Why it matters

The planned removal represents a significant shift in how administrators authenticate to Exchange Online, reinforcing Microsoft's broader security strategy to eliminate password-based authentication workflows that introduce vulnerabilities. Scripts and automation relying on the -Credential parameter will abruptly fail once unsupported module versions are adopted, potentially disrupting operational processes.

Delaying the retirement allows organizations to methodically audit, refactor, and test their PowerShell scripts to comply with modern authentication standards. However, the persistent use of legacy authentication poses ongoing security risks, making proactive transition critical despite the extended deadline.

What to watch next

Organizations currently using the -Credential parameter should prioritize identifying all impacted scripts and automation workflows to prepare for transitioning to secure authentication methods like OAuth or modern certificate-based approaches well before the December 2026 deadline. Implementing these changes early will reduce operational risk and avoid last-minute issues during module upgrades.

Microsoft has indicated that beyond the PowerShell module update sunset, server-side authentication flows supporting the -Credential parameter will also be retired at a later, unspecified date. Administrators will need to stay alert for future announcements to fully eliminate reliance on deprecated authentication mechanisms within their Exchange Online environments.

Source assisted: This briefing began from a discovered source item from The Register Headlines. Open the original source.
How SignalDesk reports: feeds and outside sources are used for discovery. Public briefings are edited to add context, buyer relevance and attribution before they are published. Read the standards

Related briefings