Jul 18, 2026
Policy

Microsoft delays Exchange Online PowerShell credential cutoff

Microsoft moved the retirement of the -Credential parameter to December 2026, giving admins more time to replace password-based automation.

Renata Fuchs

By Renata Fuchs · Policy Reporter

· 2 min read

Microsoft delays Exchange Online PowerShell credential cutoff
Photo: The Register

Microsoft has pushed back its planned removal of the -Credential parameter from Exchange Online PowerShell from July 2026 to December 2026, citing customer feedback. The change matters for enterprise IT teams and service providers because scripts that still pass stored usernames and passwords into Exchange Online or Security & Compliance PowerShell will fail after affected module updates.

The parameter is used with Exchange Online PowerShell connections, allowing administrators to supply saved username and password credentials. Microsoft has been moving customers away from that pattern as it phases out password-based authentication in favor of more secure methods. The company has not said how many organizations still depend on the parameter, and it did not provide a breakdown of the customer feedback that led to the delay.

The operational issue is straightforward: many organizations have years of PowerShell automation tied to mail administration, compliance workflows and tenant operations. Finding every script that uses -Credential, replacing the authentication approach and validating that the workflow still runs can be slow work, especially where the original author has moved on or the automation is embedded in broader processes.

Microsoft said the cutoff will apply to the Connect-ExchangeOnline and Connect-IppsSession cmdlets in the Exchange Online PowerShell module. In Microsoft’s wording, “If your organization uses the -Credential parameter in PowerShell scripts or automation workflows connecting to Exchange Online or Security & Compliance PowerShell, those scripts will break when you update to an Exchange Online PowerShell module version released beginning December 2026.”

That timing creates two separate deadlines for administrators. The first is tied to client-side module updates: once an organization installs an Exchange Online PowerShell module released from December 2026 onward, automation that still depends on -Credential will stop working. The second is a later server-side retirement of the authentication flow itself, which Microsoft said is planned for a later date. When that happens, the parameter will stop working even for customers running older versions of the module.

The delay gives affected teams several extra months, but it does not change the direction of travel. Microsoft said customers should move off the parameter before the deadline rather than wait for the December 2026 module change.

For IT operators, the practical work is discovery and remediation: identify scripts that call Connect-ExchangeOnline or Connect-IppsSession with stored credentials, replace that authentication pattern where possible and test the updated automation before the module cutoff. Microsoft’s notice also means organizations that delay module updates will not have a permanent workaround, since the server-side retirement is still pending.

This story draws on original reporting from The Register.

More from Policy

All Policy →