Over the past few years, I’ve covered the evolution of the Exchange Online “V2” PowerShell module extensively. Back when the module was first announced, together with fellow MVP Ingo Gegenwarth we hosted a Webinar to explore its features in more detail. Due to popular demand, a second webinar followed few months later.
As Microsoft released new versions of the module, I covered features such as certificate-based authentication support, connecting via a client secret, multi-tenant scenarios, the removal of the WinRM dependence, to name a few. This hardly covers even half of the features the team has introduced, and you can find a more detailed release log over at the PowerShell gallery.
Now, the 3.0.0 GA version has been released, nicknamed “V3”, bringing official support for all those nifty features. Make no mistake, this is a major release, and one that you should switch to immediately. And I’m not talking only about the impending basic authentication deprecation. No, the V2 module addressed that a long time ago. What the V3 module brings to the table however is much more than that. By using the InvokeCommand method, all the familiar cmdlets have been reworked as direct, RESTful queries against an HTTPS endpoint. This not only gets rid of the WinRM dependencies, but brings speed, reliability and security improvements, while at the same time ensuring backwards compatibility, so that your existing scripts and solutions will continue working. And that’s a major feat!
The team has gone even further than that. While by default the new RESTful endpoint will be used, you can still create a Remote PowerShell session if for some reason you need to do so. This is made possible thanks to the -UseRPSSession switch, which you can provide when running the Connect-ExchangeOnline cmdlet. And to further enhance the automation capabilities, support for managed identities was introduced a while back (read about it in Tony’s article here).
I won’t bore you with more details, as they were already covered in all the articles I linked to above. The important takeaway here is to update to the V3 module as soon as possible, and say your goodbyes to good old Remote PowerShell!
And while I did mention that your existing scripts should just work, this doesn’t mean that you should not be reviewing them and make some changes to take advantage of all the goodness the V3 module provides. I know that’s what I will be doing in the next few weeks!
5 thoughts on “Exchange Online V3 PowerShell module released”
Is it true statement to say that when App-only authentication for unattended scripts in Exchange Online PowerShell is used that RBAC model is broken?
In other words you cannot use any Exchange custom RBAC role groups with custom scopes. App-only authentication will always use builtin Exchange Admin role.
Need is to have multiple unattended scripts each using their (previously service accounts) now azure app that will have custom role and scope.
No, you cannot assign custom Role groups to the service principal currently, the permissions it gets are determined based on the Azure AD role assigned.
Thanks for the great article! I have a question, maybe you know the answer?
With the old module, we had to make use of Get-PSSession and Invoke-Command to expand objects and properties of “sub-objects”.
– Do we need to use the -UseRPSSession switch and make use of Get-PSSession as before (which would require to continue using Basic Authentication in the background) or
– Will that work without Invoke-Command now?
Thanks in advance!
This method should still work, but only with -UseRPSSession. This does not mean you will be using basic auth though, the session is still established by passing an OAuth token.
Thanks for your answer! That’s what we suspected. Let’s hope “UseRPSSession” remains available or a better solution comes along.