Starting in July 2026, it will disappear from Connect-ExchangeOnline and Connect-IppsSession, and any script still using it will break when you update the module.
The -Credential parameter runs on an older auth flow (ROPC) that doesn’t support MFA or Conditional Access. Microsoft is closing that gap, and it’s the right move for security.
Quick self-check: Do any of your scripts use -Credential to connect to Exchange Online or Security & Compliance PowerShell?
✅ No → You’re fine, nothing to do.
⚠️ Yes → Keep reading.
This retirement rolls out in two phases:
- July 2026 — The parameter will be removed from new module versions. Older modules still work, but upgrading breaks your scripts
- Later (TBD) — Server-side retirement. Even older modules stop working. Microsoft will give advance notice before this hits.
What to migrate to:
- For Interactive admin access → Use Modern auth with MFA
- For Automation outside Azure → Use App-only auth (certificate or client secret)
- For Automation inside Azure → Use Managed Identity (cleanest option — no secrets needed)
Migrate now, on your own timeline, without the pressure.