PowerShell and OpenSSH team investments for 2022

It's time to discuss the team investments for 2022.
For some areas we'll be completing work we've already started, and in others we'll be beginning on new projects.

Executive Order on Cybersecurity

One of the areas we've already spent significant effort on is adhering to the Executive Order on Cybersecurity.
Due to the large number of repositories owned and maintained by the team, this has been a large but necessary work item.
As the guidance and compliance requirements evolve, additional work may be needed throughout the year.

PowerShell 7.3

We're continuing with our yearly release of new PowerShell 7 minor version updates.
PowerShell 7.2 was released last year as our most recent LTS release.
PowerShell 7.3 will be a stable version that will be supported for one year
after General Availability, expected towards the end of this year.

Below, I cover some specific feature areas we expect to deliver in the 7.3 release
beyond bug fixes and community contributions.

Move to .NET 7

We will continue to align with new .NET releases which means moving to .NET 7.
We continue to work closely with the .NET team to align our releases,
however we found some issues in .NET 7 preview 1
so we couldn't ship PowerShell 7.3 preview 2 with .NET 7.
As early adopters of .NET 7, we expect to hit issues on occasion with the intent to
get them resolved before we consider a release candidate.

Local SessionConfiguration support

PowerShell JEA provides the ability to define a remote endpoint that restricts
administrative capabilities so that users have Just Enough Administration (JEA).
This capability is currently dependent on WinRM.
The Local SessionConfiguration feature would allow specifying a local session configuration file
to be used on start of pwsh such that you can use this with SSH remoting.
Some capabilities that are built into WinRM such as running in a virtual or group managed account
will not be supported.

Additional Azure Mariner support

Mariner is the Azure supported distribution intended
for Microsoft teams that require .
Although Mariner already includes PowerShell 7 support,
we need to add support for additional architectures like Windows ARM64.

Custom ConnectionInfo

Last year, we published a RFC on Custom ConnectionInfo.
The idea was to allow the community to create cmdlets that would extend the capabilities of the
current PowerShell remoting infrastructure.
For example, one could create a cmdlet that performs Azure to establish
a SSH connection and then PowerShell can perform remoting over that connection.

AMSI and WDAC enhancements

PowerShell continues to collaborate with the AMSI
and WDAC
teams to improve the PowerShell security posture.
As the Windows and Windows Application Control teams continue to improve their features,
we will continue to enhance PowerShell 7 to leverage those new capabilities.

PowerShell 7 in Windows

We continue to explore and discuss with the Windows team make it easier to deploy PowerShell 7 on Windows.
As noted previously, support lifecycle differences between Windows and .NET along with size constraints we don't
have the ability currently to ship PowerShell 7 in Windows.
Previously we considered a bootstrapper to be a viable solution
giving the experience of being inbox in Windows, however, it would have been a significant effort to implement.
Instead, we are exploring shipping a cmdlet in Windows PowerShell to make it easy to install PowerShell 7.
A new RFC will be published to discuss this.

More Windows ARM64 support

As Windows ARM64 continues to grow in usage, we've had customer and partner asks for a MSI package for installation
instead of the current zip package that we publish today.
In addition to producing a Windows ARM64 MSI package, additional work would be needed to make
it Microsoft Update compatible.

Making it easier to find out what's new in PowerShell

PowerShell 7 and modules we ship continue to ship with new features and capabilities (often thanks to community contributions).
However, we've found that users may not know what is new as not everyone follows us on Twitter nor read our blog posts.
We'd like to add a Get-WhatsNew cmdlet to help users find out what's new in PowerShell.
Expect a RFC about this cmdlet to be published in the near future.


In PSReadLine 2.1 along with PowerShell 7.1, we added the ability to have predictive intellisense.
This is more than just tab-completion in that a predictor could leverage to predict
what the user is typing to make them more productive or help them understand a complex command by
pre-filling in arguments.

We initially partnered with the Azure PowerShell
team to have them produce a predictor for Azure.

We're now ready to make this available more broadly for developers to implement their own predictors.
We have an example predictor that uses existing PowerShell completers that we'll be releasing soon.

Module Isolation

As the popularity of PowerShell 7 has grown, we've been getting feedback that modules are encountering
dependency conflicts.
By default, .NET only allows one version of an assembly to be loaded at a time.
So if a module depends on a newer version, but an older version of the assembly is already loaded,
then that module will fail to load.
.NET provides a mechanism to allow multiple versions of an assembly to be loaded at the same time using
an AssemblyLoadContext and we have some documentation
on leverage this.
However, this is still quite complicated.
We're working on some improvements in PowerShell 7 to make this easier along with sample code.

macOS Notarization support

We've been publishing macOS packages since PowerShell Core 6.0.
However, Apple introduced a new Notarization capability
that we have yet to adopt.
We'll have to do some work to support notarization making it easier to install new releases.

PowerShellGet 3.0

Work continues on PowerShellGet 3.0.
This was a complete rewrite of PowerShellGet focusing on a few key areas:

  • Simplify code base making it easier to enhance and fix bugs (which includes moving aware from dependency on PackageManagement)
  • Address long standing usability issues that would have been breaking changes from v2
  • Maintain compatibility for existing written expecting v2

We've released a number of previews
for PowerShellGet 3.0 and we're getting closer to a potential release candidate.

PowerShell VSCode Extension

We've had some significant changes in the PowerShell VSCode extension
on how threading works in order to improve performance and reliability of the extension.
We'll continue to fix bugs and focus on moving the preview release to a stable release.

The PowerShell Gallery was first announced
more than 7 years ago and usage has grown surpassing our expectations.
As we think about the continued growth and use of PowerShell Gallery,
we're exploring some significant architectural changes to the gallery to support scenarios for the next 7+ years.
More specific details will come out later once we are ready to share them publicly.

PSDesiredStateConfiguration 3.0

We started work on PSDesiredStateConfiguration 3.0
last year and will continue this work.

However, the focus is on enabling partner teams like Azure Guest Configuration
and Automanage to leverage PowerShell 7 and DSC.

Crescendo 1.0

With the release of Crescendo 1.0 RC last December,
we expect a General Availability release soon.

PlatyPS 2.0

PlatyPS is the tool used to generate update-able help files.
We'll continue to have more preview releases
focusing on partner and community feedback expecting to have a General Availability release later this year.

OpenSSH for Windows

Our team continues to support the Windows port of OpenSSH.
We continue to publish experimental beta releases on GitHub to get
user feedback prior to updating the OpenSSH
shipped in Windows.
Expect new releases on GitHub to be MSI packages instead of zip packages making them easier
to install and update.
We'll continue to fix bugs as well as add new parity features to the Windows port.
There's some other exciting work happening with SSH that we aren't quite ready to discuss yet.


As you can see, we have lots of work on our plate
Our plans are not set in stone and we'll adjust them as new compliance or customer/partner requirements come in.
Finally, thanks to the amazing community!
Your feedback and contributions are greatly appreciated and results in a better product for everyone.

The post PowerShell and OpenSSH team investments for 2022 appeared first on PowerShell Team.


This article was originally published by Microsoft's Azure Security Blog. You can find the original article here.