Facebook
Britain's News Portal
Around The Clock
BREAKING
Loading latest headlines…

Microsoft delays Exchange Online PowerShell credential change to 2026

Microsoft has pushed back the retirement of the -Credential parameter for Exchange Online PowerShell to the end of 2026, giving UK IT admins more time to adapt. The move aims to ease the transition to modern authentication methods.

  • Microsoft has extended the deadline for removing the -Credential parameter in Exchange Online PowerShell until the end of 2026.
  • The delay gives UK businesses and IT teams additional time to migrate to secure, modern authentication protocols.
  • The change is part of Microsoft's broader push to phase out basic authentication and improve security.

Microsoft has announced a reprieve for IT administrators managing Exchange Online, delaying the removal of the -Credential parameter in PowerShell until the end of 2026. The software giant originally planned to retire the parameter earlier, but has now extended the timeline to allow organisations more time to transition to modern authentication methods, such as OAuth 2.0.

The -Credential parameter has long been a staple for scripting and automation in Exchange Online, but it relies on basic authentication, which is increasingly seen as a security risk. Basic authentication sends user names and passwords in a less secure manner, making systems more vulnerable to credential theft and replay attacks. Microsoft has been phasing out such methods across its services, urging customers to adopt more robust approaches.

For UK businesses, the delay offers a crucial window to update their IT processes without disruption. Many organisations, particularly in sectors like finance and healthcare, have extensive scripts and automated workflows that depend on the -Credential parameter. Rewriting these to use modern authentication can be time-consuming and requires careful testing. The extension helps avoid a rushed migration that could lead to operational outages or security gaps.

The UK Information Commissioner's Office (ICO) has not issued specific guidance on this change, but the move aligns with broader regulatory trends. The EU AI Act, while not directly applicable, underscores the growing emphasis on secure data handling and accountability in technology. Experts say that adopting modern authentication not only improves security but also helps organisations comply with data protection laws, including the UK GDPR.

Industry commentators note that while the delay is welcome, it should not encourage complacency. "This is a stay of execution, not a pardon," said a cybersecurity analyst at a London-based consultancy. "IT teams should use this time to thoroughly test and implement OAuth-based authentication, ensuring their systems are resilient against evolving threats." For UK consumers, the change is largely invisible, but it underpins the security of email services that millions rely on daily.

For the UK economy, smoother transitions reduce the risk of productivity losses from IT failures. However, businesses that delay too long may face last-minute scrambles, increasing costs and potential security incidents. Microsoft has provided resources and guidance to help administrators make the switch, and the extended deadline is intended to support a gradual, well-managed transition.

Why this matters: UK businesses and public sector organisations rely heavily on Exchange Online for email and collaboration. This delay prevents potential disruption to critical IT operations and gives teams the breathing room needed to strengthen security without downtime.

What this means for you: What this means for you: If your organisation uses Exchange Online, your IT team now has more time to update scripts and automation tools. This reduces the risk of sudden email service disruptions and helps keep your data secure.

Related Articles

Get the news that matters.

Join thousands of readers getting the best of British news straight to their inbox.