MC1055557 - SharePoint Online: Content Security Policy Control in Tenant Administration
Service
Published
Tag
Summary
SharePoint Online Tenant Administrators can now control script sources for modern pages, allowing custom code from external sources like CDNs. This feature will roll out from late March to mid-May 2025, providing a "Trusted script sources" page for managing and enforcing trusted script sources. No admin action is required.
More information
SharePoint Online Tenant Administrators can now allow script sources for modern pages in SharePoint sites. This feature is particularly useful in scenarios where modern pages have custom code that loads scripts (e.g., TypeScript code) from external sources like a content delivery network (CDN). SharePoint will now report to administrators where sources that have not been allowed are loaded from, providing a way for administrators to identify those sources and take action. Tenant Administrators can also enforce browsers to only load scripts from allowed sources. This behavior can be enabled using SharePoint Online Management Shell.
When this will happen:
Targeted Release: We will begin rolling out on late March 2025 and expect to complete by early April 2025.
General Availability (Worldwide): We will begin rolling out on late April 2025 and expect to complete by late April 2025.
General Availability (GCC, GCC High, DoD): We will begin rolling out on late April 2025 and expect to complete by mid-May 2025.
How this will affect your organization:
Tenant Administrators will have the option to control and govern where custom code loads scripts and, if needed, enforce browsers to only load scripts from trusted sources. A new "Trusted script sources" page will give administrators control over which source can be trusted to load scripts.
What you need to do to prepare: