Microsoft is introducing a new security requirement for Security & Compliance PowerShell when running certain eDiscovery-related cmdlets.
If you manage eDiscovery cases through PowerShell (instead of the Purview portal), this will affect you. From August 31, 2025, you’ll need to:
- Use Exchange Online PowerShell v3.9.0 or later
- Add the new -EnableSearchOnlySession parameter when running Connect-IPPSSession
Connect-IPPSSession -EnableSearchOnlySession
This change is part of Microsoft’s Secure Future Initiative (SFI) to strengthen authentication and reduce security risks when Purview connects to SharePoint or Exchange. And this applies to cmdlets like:
- New-ComplianceSearchAction
- New-CaseHoldPolicy / Set-CaseHoldPolicy / Remove-CaseHoldPolicy
- New-CaseHoldRule / Set-CaseHoldRule / Remove-CaseHoldRule
- New-ComplianceSecurityFilter and related commands
💡 Good to know:
- If you use the Purview portal for eDiscovery, no impact.
- These cmdlets still do not support Certificate-Based Authentication (CBA).
If you have scripts or workflows using these commands, update them before the deadline to avoid disruptions. Know full details here:
https://learn.microsoft.com/en-us/purview/ediscovery