485797 – SharePoint: Content Security Policy Control in Tenant Administration

Product:

SharePoint

Platform:

Online, US Instances, Windows Desktop, World tenant

Status:

In development

Change type:

Links:

Details:

SharePoint Online Tenant Administrators can now allow script sources for modern pages in SharePoint sites. This is particularly useful in scenarios where modern pages have custom code that load scripts (e.g. TypeScript code) from external sources like CDN. SharePoint will now report to administrators where are loaded from sources that have not been allowed giving administrators a way to identify those sources and take actions. Tenant Administrators can also enforce browsers to only load scripts from allowed sources. This behavior can be enabled using SharePoint Online Management Shell.

Change Category:
XXXXXXX ... free basic plan only

Scope:
XXXXXXX ... free basic plan only

Release Phase:
General Availability, Targeted Release

Created:
2025-05-02

updated:
2025-05-02

Docu to Check

XXXXXXX ... free basic plan only

MS workload name

XXXXXXX ... free basic plan only

summary for non-techies**

SharePoint Online has introduced a feature allowing Tenant Administrators to control script sources on modern pages by specifying approved sources, with alerts for unapproved scripts, managed via the SharePoint Online Management Shell.

Direct effects for Operations**

Script Source Restrictions
If the change is implemented without preparation, users may experience broken functionalities on modern pages due to scripts being blocked from unapproved sources, leading to a degraded user experience.
   - roles: SharePoint Administrators, End Users
   - references: https://techcommunity.microsoft.com/t5/sharepoint-developer/sharepoint-content-security-policy-control-in-tenant-administration/ba-p/3651230

Increased Administrative Overhead
Without proper preparation, administrators may face increased workload in managing and approving script sources, leading to potential delays in deployment of necessary features or updates.
   - roles: SharePoint Administrators, IT Support Staff
   - references: https://techcommunity.microsoft.com/t5/sharepoint-developer/sharepoint-content-security-policy-control-in-tenant-administration/ba-p/3651230

User Training and Adaptation
Users may require additional training to understand the new restrictions on script sources, and failure to provide this could lead to confusion and frustration when functionalities do not work as expected.
   - roles: End Users, Training Coordinators
   - references: https://techcommunity.microsoft.com/t5/sharepoint-developer/sharepoint-content-security-policy-control-in-tenant-administration/ba-p/3651230

Configutation Options**

XXXXXXX ... paid membership only

Opportunities**

Enhanced Security Management
With the new Content Security Policy (CSP) control, administrators can enforce stricter security protocols by allowing only trusted script sources. This reduces the risk of malicious scripts being executed on SharePoint pages, thus enhancing the overall security posture of the organization.
   - next-steps: Conduct a security audit to identify current script sources in use, and develop a list of trusted sources to be allowed. Implement the CSP settings using SharePoint Online Management Shell and monitor for compliance.
   - roles: IT Security Administrators, SharePoint Administrators, Compliance Officers
   - references: https://techcommunity.microsoft.com/t5/sharepoint-developer-blog/sharepoint-online-content-security-policy-control-in-tenant/ba-p/3705322, https://docs.microsoft.com/en-us/sharepoint/dev/spfx/web-parts/get-started/using-csp

Improved User Experience
By controlling which scripts can run on modern pages, organizations can ensure that only optimized and approved scripts are loaded, leading to improved page load times and a better user experience for end-users.
   - next-steps: Engage with end-users to gather feedback on current page performance and identify which scripts are essential. Gradually implement the CSP settings while monitoring user experience metrics.
   - roles: End Users, User Experience Designers, SharePoint Administrators
   - references: https://www.microsoft.com/en-us/microsoft-365/blog/2023/08/30/introducing-new-sharepoint-experiences/, https://www.zdnet.com/article/how-to-improve-sharepoint-performance/

Streamlined IT Operations
The ability to identify and manage unauthorized script sources allows for more efficient IT operations. Administrators can proactively address security concerns and reduce the time spent on troubleshooting issues related to unauthorized scripts.
   - next-steps: Set up regular reporting and monitoring of script sources. Create a standard operating procedure for reviewing and approving new script sources as needed, ensuring that the process is documented and communicated across the team.
   - roles: IT Operations Managers, SharePoint Administrators, Help Desk Staff
   - references: https://www.red-gate.com/hub/product-learning/sharepoint-performance-optimization, https://www.forbes.com/sites/bernardmarr/2020/10/12/the-top-5-benefits-of-using-sharepoint-for-your-business/

Potentional Risks**

XXXXXXX ... paid membership only

IT Security**

XXXXXXX ... paid membership only

explanation for non-techies**

XXXXXXX ... free basic plan only