Back to Details

powershell-2025-changes

Compare original and translation side by side

🇺🇸

Original

English
🇨🇳

Translation

Chinese

PowerShell 2025 Breaking Changes & Migrations

2025年PowerShell破坏性变更与迁移指南

Critical changes, deprecations, and migration paths for PowerShell in 2025.
2025年PowerShell的重要变更、弃用说明及迁移路径。

PowerShell 2.0 Removal (August-September 2025)

PowerShell 2.0 移除计划(2025年8月-9月)

What's Removed

移除内容

PowerShell 2.0 has been completely removed from:
  • Windows 11 version 24H2 (August 2025)
  • Windows Server 2025 (September 2025)
Why: Security improvements, reduced attack surface, legacy code cleanup
PowerShell 2.0将从以下系统中完全移除
  • Windows 11 24H2版本(2025年8月)
  • Windows Server 2025(2025年9月)
原因: 安全优化、缩小攻击面、清理遗留代码

Migration Path

迁移路径

powershell
undefined
powershell
undefined

Check if PowerShell 2.0 is installed

Check if PowerShell 2.0 is installed

Get-WindowsOptionalFeature -Online -FeatureName MicrosoftWindowsPowerShellV2Root
Get-WindowsOptionalFeature -Online -FeatureName MicrosoftWindowsPowerShellV2Root

If you still need PowerShell 2.0 (NOT RECOMMENDED)

If you still need PowerShell 2.0 (NOT RECOMMENDED)

- Use older Windows versions

- Use older Windows versions

- Use Windows containers with older base images

- Use Windows containers with older base images

- Upgrade scripts to PowerShell 5.1 or 7+

- Upgrade scripts to PowerShell 5.1 or 7+

Recommended: Migrate to PowerShell 7.5+

Recommended: Migrate to PowerShell 7.5+

winget install Microsoft.PowerShell

**Action Required:** Audit all scripts and remove `-Version 2.0` parameters from any PowerShell invocations.

---
winget install Microsoft.PowerShell

**需要执行的操作:** 审计所有脚本,移除所有PowerShell调用中的 `-Version 2.0` 参数。

---

MSOnline & AzureAD Module Retirement

MSOnline与AzureAD模块停用

Retirement Timeline

停用时间线

ModuleStop WorkingRetirement Complete
MSOnlineLate May 2025May 31, 2025
AzureADMarch 30, 2025After July 1, 2025
Critical: These modules will stop functioning - not just deprecated, but completely non-functional.
模块停止工作时间完全停用时间
MSOnline2025年5月下旬2025年5月31日
AzureAD2025年3月30日2025年7月1日之后
重要提示: 这些模块将完全无法使用——不只是被弃用,而是彻底停止工作

Migration Path

迁移路径

From MSOnline/AzureAD to Microsoft.Graph:
powershell
undefined
从MSOnline/AzureAD迁移到Microsoft.Graph:
powershell
undefined

OLD (MSOnline) - STOPS WORKING MAY 2025

OLD (MSOnline) - STOPS WORKING MAY 2025

Connect-MsolService Get-MsolUser Set-MsolUser -UserPrincipalName "user@domain.com" -UsageLocation "US"
Connect-MsolService Get-MsolUser Set-MsolUser -UserPrincipalName "user@domain.com" -UsageLocation "US"

NEW (Microsoft.Graph 2.32.0)

NEW (Microsoft.Graph 2.32.0)

Connect-MgGraph -Scopes "User.ReadWrite.All" Get-MgUser Update-MgUser -UserId "user@domain.com" -UsageLocation "US"
Connect-MgGraph -Scopes "User.ReadWrite.All" Get-MgUser Update-MgUser -UserId "user@domain.com" -UsageLocation "US"

OLD (AzureAD) - STOPS WORKING MARCH 2025

OLD (AzureAD) - STOPS WORKING MARCH 2025

Connect-AzureAD Get-AzureADUser New-AzureADUser -DisplayName "John Doe" -UserPrincipalName "john@domain.com"
Connect-AzureAD Get-AzureADUser New-AzureADUser -DisplayName "John Doe" -UserPrincipalName "john@domain.com"

NEW (Microsoft.Graph 2.32.0)

NEW (Microsoft.Graph 2.32.0)

Connect-MgGraph -Scopes "User.ReadWrite.All" Get-MgUser New-MgUser -DisplayName "John Doe" -UserPrincipalName "john@domain.com"

**Alternative:** Use Microsoft Entra PowerShell module (successor to AzureAD)

```powershell
Install-Module -Name Microsoft.Graph.Entra -Scope CurrentUser
Connect-Entra
Get-EntraUser
Connect-MgGraph -Scopes "User.ReadWrite.All" Get-MgUser New-MgUser -DisplayName "John Doe" -UserPrincipalName "john@domain.com"

**替代方案:** 使用Microsoft Entra PowerShell模块(AzureAD的后继版本)

```powershell
Install-Module -Name Microsoft.Graph.Entra -Scope CurrentUser
Connect-Entra
Get-EntraUser

Common Command Mappings

常用命令映射

MSOnline/AzureADMicrosoft.GraphNotes
Get-MsolUser
/ 
Get-AzureADUser
Get-MgUser
Requires User.Read.All scope
Get-MsolGroup
/ 
Get-AzureADGroup
Get-MgGroup
Requires Group.Read.All scope
Get-MsolDevice
/ 
Get-AzureADDevice
Get-MgDevice
Requires Device.Read.All scope
Connect-MsolService
/ 
Connect-AzureAD
Connect-MgGraph
Scope-based permissions
MSOnline/AzureADMicrosoft.Graph备注
Get-MsolUser
/ 
Get-AzureADUser
Get-MgUser
需要User.Read.All权限
Get-MsolGroup
/ 
Get-AzureADGroup
Get-MgGroup
需要Group.Read.All权限
Get-MsolDevice
/ 
Get-AzureADDevice
Get-MgDevice
需要Device.Read.All权限
Connect-MsolService
/ 
Connect-AzureAD
Connect-MgGraph
基于作用域的权限体系

WMIC Removal (Windows 11 25H2)

WMIC 移除(Windows 11 25H2版本)

What's Removed

移除内容

Windows Management Instrumentation Command-line (WMIC) tool removed after upgrading to Windows 11 25H2+.
升级到Windows 11 25H2及以上版本后,**Windows管理规范命令行工具(WMIC)**将被移除。

Migration Path

迁移路径

From WMIC to PowerShell WMI/CIM:
powershell
undefined
从WMIC迁移到PowerShell WMI/CIM:
powershell
undefined

OLD (WMIC) - REMOVED

OLD (WMIC) - REMOVED

wmic process list brief wmic os get caption
wmic process list brief wmic os get caption

NEW (PowerShell CIM)

NEW (PowerShell CIM)

Get-CimInstance -ClassName Win32_Process | Select-Object Name, ProcessId, CommandLine Get-CimInstance -ClassName Win32_OperatingSystem | Select-Object Caption, Version
Get-CimInstance -ClassName Win32_Process | Select-Object Name, ProcessId, CommandLine Get-CimInstance -ClassName Win32_OperatingSystem | Select-Object Caption, Version

For detailed process info

For detailed process info

Get-Process | Format-Table Name, Id, CPU, WorkingSet -AutoSize
Get-Process | Format-Table Name, Id, CPU, WorkingSet -AutoSize

For system info

For system info

Get-ComputerInfo | Select-Object WindowsProductName, WindowsVersion

---
Get-ComputerInfo | Select-Object WindowsProductName, WindowsVersion

---

PowerShellGet → PSResourceGet Migration

PowerShellGet 迁移到 PSResourceGet

Modern Package Management (2025)

现代化包管理(2025年)

PSResourceGet is the official successor to PowerShellGet (2x faster, actively developed).
powershell
undefined
PSResourceGet是PowerShellGet的官方后继版本(速度提升2倍,处于活跃开发状态)。
powershell
undefined

Install PSResourceGet (ships with PowerShell 7.4+)

Install PSResourceGet (ships with PowerShell 7.4+)

Install-Module -Name Microsoft.PowerShell.PSResourceGet -Force
Install-Module -Name Microsoft.PowerShell.PSResourceGet -Force

New commands (PSResourceGet)

New commands (PSResourceGet)

Install-PSResource -Name Az -Scope CurrentUser # Replaces Install-Module Find-PSResource -Name "Azure" # Replaces Find-Module Update-PSResource -Name Az # Replaces Update-Module Get-InstalledPSResource # Replaces Get-InstalledModule
Install-PSResource -Name Az -Scope CurrentUser # Replaces Install-Module Find-PSResource -Name "Azure" # Replaces Find-Module Update-PSResource -Name Az # Replaces Update-Module Get-InstalledPSResource # Replaces Get-InstalledModule

Compatibility layer available for legacy scripts

Compatibility layer available for legacy scripts

Your old Install-Module commands still work but call PSResourceGet internally

Your old Install-Module commands still work but call PSResourceGet internally


**Performance Comparison:**
- **PowerShellGet**: 10-15 seconds to install module
- **PSResourceGet**: 5-7 seconds to install module (2x faster)

---
undefined

Test-Json Schema Changes

性能对比:

Breaking Change (PowerShell 7.4+)

Test-Json now uses JsonSchema.NET instead of Newtonsoft.Json.Schema.
Impact: No longer supports Draft 4 JSON schemas.
powershell
undefined
  • PowerShellGet: 安装模块需要10-15秒
  • PSResourceGet: 安装模块仅需5-7秒(速度快2倍)

OLD (Draft 4 schema) - NO LONGER SUPPORTED

Test-Json 架构变更

破坏性变更(PowerShell 7.4及以上版本)

$schema = @" { "$schema": "http://json-schema.org/draft-04/schema#", "type": "object" } "@
Test-Json -Json $json -Schema $schema # FAILS in PowerShell 7.4+
Test-Json现在使用JsonSchema.NET替代Newtonsoft.Json.Schema
影响: 不再支持Draft 4版本的JSON schema。
powershell
undefined

NEW (Draft 6+ schema) - SUPPORTED

OLD (Draft 4 schema) - NO LONGER SUPPORTED

$schema = @" { "$schema": "http://json-schema.org/draft-06/schema#", "type": "object" } "@
Test-Json -Json $json -Schema $schema # WORKS

---
$schema = @" { "$schema": "http://json-schema.org/draft-04/schema#", "type": "object" } "@
Test-Json -Json $json -Schema $schema # FAILS in PowerShell 7.4+

#Requires -PSSnapin Removed

NEW (Draft 6+ schema) - SUPPORTED

Breaking Change (PowerShell 7.4+)

All code related to 
#Requires -PSSnapin
has been removed.
powershell
undefined
$schema = @" { "$schema": "http://json-schema.org/draft-06/schema#", "type": "object" } "@
Test-Json -Json $json -Schema $schema # WORKS

---

OLD (PowerShell 5.1 and earlier)

#Requires -PSSnapin 已被移除

破坏性变更(PowerShell 7.4及以上版本)

#Requires -PSSnapin Microsoft.Exchange.Management.PowerShell.SnapIn
所有与
#Requires -PSSnapin
相关的代码都已被移除。
powershell
undefined

NEW (Use modules instead)

OLD (PowerShell 5.1 and earlier)

#Requires -Modules ExchangeOnlineManagement
Import-Module ExchangeOnlineManagement Connect-ExchangeOnline

---
#Requires -PSSnapin Microsoft.Exchange.Management.PowerShell.SnapIn

Security Hardening (2025 Standards)

NEW (Use modules instead)

Just Enough Administration (JEA)

JEA is now a security requirement for production environments:
powershell
undefined
#Requires -Modules ExchangeOnlineManagement
Import-Module ExchangeOnlineManagement Connect-ExchangeOnline

---

Create JEA session configuration

安全加固(2025年标准)

最小权限管理(JEA)

New-PSSessionConfigurationFile -SessionType RestrictedRemoteServer 
    -Path "C:\JEA\RestrictedAdmin.pssc"
-VisibleCmdlets @{ Name = 'Restart-Service' Parameters = @{ Name = 'Name'; ValidateSet = 'Spooler' } } ` -LanguageMode NoLanguage
JEA现在是生产环境的强制安全要求:
powershell
undefined

Register JEA endpoint

Create JEA session configuration

Register-PSSessionConfiguration -Name RestrictedAdmin 
    -Path "C:\JEA\RestrictedAdmin.pssc"
-Force
New-PSSessionConfigurationFile -SessionType RestrictedRemoteServer 
    -Path "C:\JEA\RestrictedAdmin.pssc"
-VisibleCmdlets @{ Name = 'Restart-Service' Parameters = @{ Name = 'Name'; ValidateSet = 'Spooler' } } ` -LanguageMode NoLanguage

Connect with limited privileges

Register JEA endpoint

Enter-PSSession -ComputerName Server01 -ConfigurationName RestrictedAdmin
undefined
Register-PSSessionConfiguration -Name RestrictedAdmin 
    -Path "C:\JEA\RestrictedAdmin.pssc"
-Force

Windows Defender Application Control (WDAC)

Connect with limited privileges

WDAC replaces AppLocker for PowerShell script control:
powershell
undefined
Enter-PSSession -ComputerName Server01 -ConfigurationName RestrictedAdmin
undefined

Create WDAC policy for PowerShell scripts

Windows Defender应用控制(WDAC)

New-CIPolicy -FilePath "C:\WDAC\PowerShellPolicy.xml" 
    -ScanPath "C:\Scripts"
-Level FilePublisher ` -Fallback Hash
WDAC替代AppLocker用于PowerShell脚本管控:
powershell
undefined

Convert to binary and deploy

Create WDAC policy for PowerShell scripts

ConvertFrom-CIPolicy -XmlFilePath "C:\WDAC\PowerShellPolicy.xml" ` -BinaryFilePath "C:\Windows\System32\CodeIntegrity\SIPolicy.p7b"
undefined
New-CIPolicy -FilePath "C:\WDAC\PowerShellPolicy.xml" 
    -ScanPath "C:\Scripts"
-Level FilePublisher ` -Fallback Hash

Constrained Language Mode

Convert to binary and deploy

Constrained Language Mode is now recommended for all users without admin privileges:
powershell
undefined
ConvertFrom-CIPolicy -XmlFilePath "C:\WDAC\PowerShellPolicy.xml" ` -BinaryFilePath "C:\Windows\System32\CodeIntegrity\SIPolicy.p7b"
undefined

Check current language mode

约束语言模式

$ExecutionContext.SessionState.LanguageMode
建议所有无管理员权限的用户启用约束语言模式:
powershell
undefined

Output: FullLanguage (admin) or ConstrainedLanguage (standard user)

Check current language mode

Set system-wide constrained language mode via Group Policy or Environment Variable

Set HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Environment__PSLockdownPolicy = 4


---
$ExecutionContext.SessionState.LanguageMode

PowerShell 7.6 Preview Features

Output: FullLanguage (admin) or ConstrainedLanguage (standard user)

Current Status (October 2025)

Set system-wide constrained language mode via Group Policy or Environment Variable

Set HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Environment__PSLockdownPolicy = 4

PowerShell 7.6.0 Preview 5 available (built on .NET 9.0.101)
New Features:
  • PSRedirectToVariable: Allow redirecting to a variable
  • Module Rename: ThreadJob → Microsoft.PowerShell.ThreadJob
  • PSResourceGet 1.1.0: Improved performance and Azure Artifacts support
powershell
undefined

---

Check PowerShell version

PowerShell 7.6 预览版功能

当前状态(2025年10月)

$PSVersionTable.PSVersion
PowerShell 7.6.0 预览版5已可用(基于.NET 9.0.101构建)
新功能:
  • PSRedirectToVariable: 支持重定向输出到变量
  • 模块重命名: ThreadJob → Microsoft.PowerShell.ThreadJob
  • PSResourceGet 1.1.0: 性能优化,新增Azure Artifacts支持
powershell
undefined

7.5.4 (stable) or 7.6.0-preview.5

Check PowerShell version

.NET version

$PSVersionTable.PSVersion

.NET 9.0.101

7.5.4 (stable) or 7.6.0-preview.5

.NET version


---

Migration Checklist

.NET 9.0.101

Immediate Actions Required (2025)

  • Audit MSOnline/AzureAD usage - Migrate to Microsoft.Graph 2.32.0 before May 2025
  • Remove PowerShell 2.0 references - Upgrade to PowerShell 7.5+
  • Replace WMIC commands - Use Get-CimInstance/Get-Process
  • Update JSON schemas - Migrate Draft 4 to Draft 6+
  • Remove PSSnapin requirements - Convert to modules
  • Adopt PSResourceGet - Faster, modern package management
  • Implement JEA - Role-based access control for production
  • Enable WDAC - Application control for PowerShell scripts
  • Test Constrained Language Mode - For non-admin users

---

Recommended Actions

迁移检查清单

2025年需要立即执行的操作

  • Upgrade to PowerShell 7.5.4 - Latest stable with .NET 9
  • Adopt Az 14.5.0 - Latest Azure module with zone redundancy
  • Use Microsoft.Graph 2.32.0 - Actively maintained Graph SDK
  • Enable Script Block Logging - Security auditing
  • Implement Code Signing - For production scripts
  • Use Azure Key Vault - For credential management
  • 审计MSOnline/AzureAD使用情况 - 2025年5月前迁移到Microsoft.Graph 2.32.0
  • 移除PowerShell 2.0相关引用 - 升级到PowerShell 7.5及以上版本
  • 替换WMIC命令 - 使用Get-CimInstance/Get-Process替代
  • 更新JSON schema - 将Draft 4版本迁移到Draft 6及以上版本
  • 移除PSSnapin依赖声明 - 改为使用模块替代
  • 切换到PSResourceGet - 更快速的现代化包管理工具
  • 落地JEA权限管控 - 生产环境启用基于角色的访问控制
  • 启用WDAC - 实现PowerShell脚本的应用管控
  • 测试约束语言模式 - 适配非管理员用户场景

Testing Migration

建议执行的操作

powershell
undefined
  • 升级到PowerShell 7.5.4 - 基于.NET 9的最新稳定版本
  • 升级到Az 14.5.0 - 支持可用区冗余的最新Azure模块
  • 使用Microsoft.Graph 2.32.0 - 处于活跃维护的Graph SDK
  • 启用脚本块日志 - 用于安全审计
  • 落地代码签名 - 为生产脚本添加签名校验
  • 使用Azure Key Vault - 实现凭证安全管理

Test for deprecated module usage

迁移测试

Get-Module MSOnline, AzureAD -ListAvailable
powershell
undefined

If found, plan migration immediately

Test for deprecated module usage

Test for PowerShell 2.0 dependencies

Get-Content "script.ps1" | Select-String -Pattern "powershell.exe -Version 2"
Get-Module MSOnline, AzureAD -ListAvailable

If found, remove version parameter

If found, plan migration immediately

Test for WMIC usage

Test for PowerShell 2.0 dependencies

Get-ChildItem -Path "C:\Scripts" -Recurse -Filter "*.ps1" | Select-String -Pattern "wmic" | Select-Object Path, Line
Get-Content "script.ps1" | Select-String -Pattern "powershell.exe -Version 2"

Verify PowerShell version compatibility

If found, remove version parameter

Test for WMIC usage

#Requires -Version 7.0 Test-Path $PSCommandPath # Ensures script is PowerShell 7+

---
Get-ChildItem -Path "C:\Scripts" -Recurse -Filter "*.ps1" | Select-String -Pattern "wmic" | Select-Object Path, Line

Resources

Verify PowerShell version compatibility

Last Updated: October 2025
#Requires -Version 7.0 Test-Path $PSCommandPath # Ensures script is PowerShell 7+

---

参考资源

最后更新时间: 2025年10月