PowerShell 2025 Breaking Changes & Migrations Critical changes, deprecations, and migration paths for PowerShell in 2025. PowerShell 2.0 Removal (August-September 2025) What's Removed PowerShell 2.0 has been completely removed from: Windows 11 version 24H2 (August 2025) Windows Server 2025 (September 2025) Why: Security improvements, reduced attack surface, legacy code cleanup Migration Path

Check if PowerShell 2.0 is installed

Get-WindowsOptionalFeature

Online

FeatureName MicrosoftWindowsPowerShellV2Root

If you still need PowerShell 2.0 (NOT RECOMMENDED)

- Use older Windows versions

- Use Windows containers with older base images

- Upgrade scripts to PowerShell 5.1 or 7+

Recommended: Migrate to PowerShell 7.5+

winget install Microsoft . PowerShell Action Required: Audit all scripts and remove -Version 2.0 parameters from any PowerShell invocations. MSOnline & AzureAD Module Retirement Retirement Timeline Module Stop Working Retirement Complete MSOnline Late May 2025 May 31, 2025 AzureAD March 30, 2025 After July 1, 2025 Critical: These modules will stop functioning - not just deprecated, but completely non-functional . Migration Path From MSOnline/AzureAD to Microsoft.Graph:

OLD (MSOnline) - STOPS WORKING MAY 2025

Connect-MsolService Get-MsolUser Set-MsolUser - UserPrincipalName "user@domain.com" - UsageLocation "US"

NEW (Microsoft.Graph 2.32.0)

Connect-MgGraph

Scopes "User.ReadWrite.All" Get-MgUser Update-MgUser - UserId "user@domain.com" - UsageLocation "US"

OLD (AzureAD) - STOPS WORKING MARCH 2025

Connect-AzureAD Get-AzureADUser New-AzureADUser - DisplayName "John Doe" - UserPrincipalName "john@domain.com"

NEW (Microsoft.Graph 2.32.0)

Connect-MgGraph

Scopes "User.ReadWrite.All" Get-MgUser New-MgUser - DisplayName "John Doe" - UserPrincipalName "john@domain.com" Alternative: Use Microsoft Entra PowerShell module (successor to AzureAD) Install-Module - Name Microsoft . Graph . Entra - Scope CurrentUser Connect-Entra Get-EntraUser Common Command Mappings MSOnline/AzureAD Microsoft.Graph Notes Get-MsolUser / Get-AzureADUser Get-MgUser Requires User.Read.All scope Get-MsolGroup / Get-AzureADGroup Get-MgGroup Requires Group.Read.All scope Get-MsolDevice / Get-AzureADDevice Get-MgDevice Requires Device.Read.All scope Connect-MsolService / Connect-AzureAD Connect-MgGraph Scope-based permissions WMIC Removal (Windows 11 25H2) What's Removed Windows Management Instrumentation Command-line (WMIC) tool removed after upgrading to Windows 11 25H2+. Migration Path From WMIC to PowerShell WMI/CIM:

OLD (WMIC) - REMOVED

wmic process list brief wmic os get caption

NEW (PowerShell CIM)

Get-CimInstance

ClassName Win32_Process | Select-Object Name , ProcessId , CommandLine Get-CimInstance - ClassName Win32_OperatingSystem | Select-Object Caption , Version

For detailed process info

Get-Process | Format-Table Name , Id , CPU , WorkingSet - AutoSize

For system info

Get-ComputerInfo | Select-Object WindowsProductName , WindowsVersion PowerShellGet → PSResourceGet Migration Modern Package Management (2025) PSResourceGet is the official successor to PowerShellGet (2x faster, actively developed).

Install PSResourceGet (ships with PowerShell 7.4+)

Install-Module

Name Microsoft . PowerShell . PSResourceGet - Force

New commands (PSResourceGet)

Install-PSResource

Name Az

Scope CurrentUser

Replaces Install-Module

Find-PSResource

Name "Azure"

Replaces Find-Module

Update-PSResource

Name Az

Replaces Update-Module

Get-InstalledPSResource

Replaces Get-InstalledModule

Compatibility layer available for legacy scripts

Your old Install-Module commands still work but call PSResourceGet internally

Performance Comparison:

PowerShellGet

10-15 seconds to install module

PSResourceGet

5-7 seconds to install module (2x faster) Test-Json Schema Changes Breaking Change (PowerShell 7.4+) Test-Json now uses JsonSchema.NET instead of Newtonsoft.Json.Schema . Impact: No longer supports Draft 4 JSON schemas.

OLD (Draft 4 schema) - NO LONGER SUPPORTED

$schema = @ " { " $schema ": " http: / / json-schema . org/draft-04/schema

",

"type" : "object" } "@ Test-Json -Json $json -Schema $schema

FAILS in PowerShell 7.4+

NEW (Draft 6+ schema) - SUPPORTED

$schema = @" { " $schema " : "http://json-schema.org/draft-06/schema#" , "type" : "object" } "@ Test-Json - Json $json - Schema $schema

WORKS

Requires -PSSnapin Removed

Breaking Change (PowerShell 7.4+) All code related to

Requires -PSSnapin

has been removed.

OLD (PowerShell 5.1 and earlier)

Requires -PSSnapin Microsoft.Exchange.Management.PowerShell.SnapIn

NEW (Use modules instead)

Requires -Modules ExchangeOnlineManagement

Import-Module ExchangeOnlineManagement Connect-ExchangeOnline Security Hardening (2025 Standards) Just Enough Administration (JEA) JEA is now a security requirement for production environments:

Create JEA session configuration

New-PSSessionConfigurationFile

SessionType RestrictedRemoteServer `

Path "C:\JEA\RestrictedAdmin.pssc" - VisibleCmdlets @ { Name = 'Restart-Service' Parameters = @ { Name = 'Name' ; ValidateSet = 'Spooler' } } - LanguageMode NoLanguage

Register JEA endpoint

Register-PSSessionConfiguration

Name RestrictedAdmin `

Path "C:\JEA\RestrictedAdmin.pssc" ` - Force

Connect with limited privileges

Enter-PSSession

ComputerName Server01

ConfigurationName RestrictedAdmin Windows Defender Application Control (WDAC) WDAC replaces AppLocker for PowerShell script control:

Create WDAC policy for PowerShell scripts

New-CIPolicy

FilePath "C:\WDAC\PowerShellPolicy.xml" - ScanPath "C:\Scripts" - Level FilePublisher ` - Fallback Hash

Convert to binary and deploy

ConvertFrom-CIPolicy

XmlFilePath "C:\WDAC\PowerShellPolicy.xml" ` - BinaryFilePath "C:\Windows\System32\CodeIntegrity\SIPolicy.p7b" Constrained Language Mode Constrained Language Mode is now recommended for all users without admin privileges:

Check current language mode

$ExecutionContext . SessionState . LanguageMode

Output: FullLanguage (admin) or ConstrainedLanguage (standard user)

Set system-wide constrained language mode via Group Policy or Environment Variable

Set HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Environment__PSLockdownPolicy = 4

PowerShell 7.6 Preview Features

Current Status (October 2025)

PowerShell 7.6.0 Preview 5 available (built on .NET 9.0.101)

New Features:

PSRedirectToVariable

Allow redirecting to a variable

Module Rename

ThreadJob → Microsoft.PowerShell.ThreadJob

PSResourceGet 1.1.0

Improved performance and Azure Artifacts support

Check PowerShell version

$PSVersionTable . PSVersion

7.5.4 (stable) or 7.6.0-preview.5

.NET version

[System.Runtime.InteropServices.RuntimeInformation] ::FrameworkDescription

.NET 9.0.101

Migration Checklist Immediate Actions Required (2025) Audit MSOnline/AzureAD usage - Migrate to Microsoft.Graph 2.32.0 before May 2025 Remove PowerShell 2.0 references - Upgrade to PowerShell 7.5+ Replace WMIC commands - Use Get-CimInstance/Get-Process Update JSON schemas - Migrate Draft 4 to Draft 6+ Remove PSSnapin requirements - Convert to modules Adopt PSResourceGet - Faster, modern package management Implement JEA - Role-based access control for production Enable WDAC - Application control for PowerShell scripts Test Constrained Language Mode - For non-admin users Recommended Actions Upgrade to PowerShell 7.5.4 - Latest stable with .NET 9 Adopt Az 14.5.0 - Latest Azure module with zone redundancy Use Microsoft.Graph 2.32.0 - Actively maintained Graph SDK Enable Script Block Logging - Security auditing Implement Code Signing - For production scripts Use Azure Key Vault - For credential management Testing Migration

Test for deprecated module usage

Get-Module MSOnline , AzureAD - ListAvailable

If found, plan migration immediately

Test for PowerShell 2.0 dependencies

Get-Content "script.ps1" | Select-String - Pattern "powershell.exe -Version 2"

If found, remove version parameter

Test for WMIC usage

Get-ChildItem

Path "C:\Scripts" - Recurse - Filter "*.ps1" | Select-String - Pattern "wmic" | Select-Object Path , Line

Verify PowerShell version compatibility

Requires -Version 7.0

Test-Path $PSCommandPath

Ensures script is PowerShell 7+

Resources PowerShell 7.5 Release Notes MSOnline/AzureAD Retirement Info PSResourceGet Documentation JEA Documentation WDAC Documentation Last Updated: October 2025