Microsoft Purview compliance portal: eDiscovery PowerShell cmdlet support for certificate-based authentication

We are announcing official support for certificate-based authentication (CBA) in the eDiscovery PowerShell cmdlets.

This message is associated with Microsoft 365 Roadmap ID 106112.

When this will happen:

Rollout will begin in late February and is expected to be complete by late March.

How this will affect your organization:

Many organizations rely on unattended scripts built using the Security & Compliance PowerShell cmdlets to automate eDiscovery workflows. In the past, any unattended script relied on basic authentication, which required storing the username and password in a local file or in a secret vault accessed at run time. This method is no longer recommended because it poses the risk of stolen credentials. See Deprecation of Basic authentication in Exchange Online.

eDiscovery cmdlets will support CBA or app-only authentication as described in this article by end of February 2023. This supports unattended script and automation scenarios by using Azure AD apps and self-signed certificates. Certificate-based authentication lets admins run scripts without creating service accounts or storing credentials locally.

What you need to do to prepare:

Get started with eDiscovery in the Microsoft Purview compliance portal: 

We encourage all eDiscovery users who rely on basic authentication in their unattended scripts to migrate the script authentication to CBA as soon as possible. Please note that a service principal will be needed to run eDiscovery cmdlets. Refer to this article for the steps.

  • This change will affect the authentication method of your organization’s eDiscovery unattended scripts.
  • After basic authentication is changed to CBA, your scripts should be more secure against potential attackers who may be interested in stealing your locally stored credentials.

Assess whether the change will affect your organization’s eDiscovery automation workflow. If so, you may wish to update internal documentation and script authentication and provide training to all eDiscovery users in your organization.
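A sketch of what a migrated unattended script can look like, added here as an example and not taken from the announcement or from Microsoft's documentation. It assumes the Azure AD app, its certificate and the service principal are already set up as the referenced article describes; the app ID, organization name, thumbprint and the 14-day renewal window are placeholders.

```powershell
#Requires -Modules ExchangeOnlineManagement
# Added example: unattended eDiscovery script using certificate-based (app-only) auth.
# The values below are placeholders (assumptions), not values from the announcement.
$AppId        = '00000000-0000-0000-0000-000000000000'  # placeholder: Azure AD app (client) ID
$Organization = 'contoso.onmicrosoft.com'               # placeholder: tenant primary domain
$Thumbprint   = '<CERTIFICATE-THUMBPRINT>'              # placeholder: cert registered on the app
$MinDaysLeft  = 14                                      # assumption: renewal warning window

$ErrorActionPreference = 'Stop'

# Pre-flight: the certificate must be in the store of the account that runs the
# script, carry its private key, and not be expired.
$cert = Get-Item -Path "Cert:\CurrentUser\My\$Thumbprint"
if (-not $cert.HasPrivateKey) {
    throw "Certificate $Thumbprint has no private key in this store; app-only sign-in will fail."
}
$daysLeft = [math]::Floor(($cert.NotAfter - (Get-Date)).TotalDays)
if ($daysLeft -lt 0) {
    throw "Certificate $Thumbprint expired on $($cert.NotAfter)."
}
if ($daysLeft -lt $MinDaysLeft) {
    Write-Warning "Certificate $Thumbprint expires in $daysLeft day(s); schedule rotation."
}

try {
    # No username, password or credential file: possession of the private key
    # is what authenticates the app.
    Connect-IPPSSession -AppId $AppId -CertificateThumbprint $Thumbprint -Organization $Organization

    # Read-only eDiscovery call to confirm the service principal has the access it needs.
    $cases = @(Get-ComplianceCase)
    Write-Output "Connected with CBA; $($cases.Count) eDiscovery case(s) visible to the app."
}
finally {
    # Always close the session so an unattended run does not leave it open.
    Disconnect-ExchangeOnline -Confirm:$false
}
```

The private key now takes the place of the stored password, so restrict access to the certificate store of the account that runs the script and rotate the certificate before it expires.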

Learn more: App-only authentication in Exchange Online PowerShell and Security & Compliance PowerShell

Message ID: MC515529

