check before: 2025-03-01
Product:
SharePoint
Platform:
Online, US Instances, World tenant
Status:
Change type:
Admin impact, New feature, Updated message
Links:
Details:
Summary:
SharePoint Online Tenant Administrators can now control script sources for modern pages, allowing custom code from external sources. Rollout timelines: Targeted Release (late March to early April 2025), General Availability (late April 2025), and GCC, GCC High, DoD (late April to late June 2025). No admin action required.
Details:
Updated June 11, 2025: We have updated the timeline below. Thank you for your patience.
SharePoint Online Tenant Administrators can now allow script sources for modern pages in SharePoint sites. This feature is particularly useful in scenarios where modern pages have custom code that loads scripts (e.g., TypeScript code) from external sources like a content delivery network (CDN). SharePoint will now report to administrators where sources that have not been allowed are loaded from, providing a way for administrators to identify those sources and take action. Tenant Administrators can also enforce browsers to only load scripts from allowed sources. This behavior can be enabled using SharePoint Online Management Shell.
[When this will happen:]
Targeted Release: We will begin rolling out on late March 2025 and expect to complete by early April 2025.
General Availability (Worldwide): We will begin rolling out on late April 2025 and expect to complete by late April 2025.
General Availability (GCC, GCC High, DoD): We will begin rolling out on late April 2025 and expect to complete by late June 2025 (previously early June).
Change Category:
XXXXXXX ... free basic plan only
Scope:
XXXXXXX ... free basic plan only
Release Phase:
Created:
2025-04-15
updated:
2025-06-12
Task Type
XXXXXXX ... free basic plan only
Docu to Check
XXXXXXX ... free basic plan only
MS How does it affect me
XXXXXXX ... free basic plan only
MS Preperations
XXXXXXX ... free basic plan only
MS Urgency
XXXXXXX ... free basic plan only
MS workload name
XXXXXXX ... free basic plan only
Pictures
XXXXXXX ... free basic plan only
summary for non-techies**
SharePoint Online is introducing a feature that allows Tenant Administrators to control and approve script sources on modern pages, with rollout starting for the Targeted Release group by late March to early April 2025 and general availability by late April 2025.
Direct effects for Operations**
Increased Security Risks
Allowing custom code from external sources may introduce vulnerabilities if not properly managed, leading to potential data breaches or malware infections.
- roles: Tenant Administrators, End Users
- references: https://www.csoonline.com/article/3531234/the-security-risks-of-using-external-scripts-in-web-applications.html, https://www.microsoft.com/en-us/security/blog/2021/06/15/understanding-the-security-risks-of-using-external-scripts/
User Experience Disruption
If external scripts are not properly vetted, they may cause functionality issues on modern pages, leading to a poor user experience.
- roles: End Users, Support Staff
- references: https://www.forbes.com/sites/bernardmarr/2021/05/10/the-impact-of-website-scripts-on-user-experience/?sh=5c1c1c1e7b3b, https://www.smashingmagazine.com/2020/06/website-performance-user-experience/
Compliance and Governance Challenges
Introducing external scripts may complicate compliance with data protection regulations (e.g., GDPR) if data is inadvertently shared with untrusted sources.
- roles: Compliance Officers, Tenant Administrators
- references: https://www.eugdpr.org/, https://www.dataprotectionreport.com/2021/01/gdpr-compliance-and-the-use-of-external-scripts/
Configutation Options**
XXXXXXX ... paid membership only
Opportunities**
Enhanced Security through Script Source Control
By allowing Tenant Administrators to control which script sources can be loaded on SharePoint modern pages, organizations can significantly enhance their security posture. This feature mitigates risks associated with malicious scripts from untrusted sources, thus protecting sensitive organizational data.
- next-steps: Conduct a security audit to identify current script sources and evaluate their trustworthiness. Develop a policy for approved script sources and train IT staff on managing these settings using the SharePoint Online Management Shell.
- roles: IT Security Team, SharePoint Administrators, Compliance Officers
- references: https://techcommunity.microsoft.com/t5/sharepoint-developer-blog/sharepoint-online-content-security-policy-control-in-tenant/ba-p/3000001
Improved User Experience with Custom Scripts
Enabling trusted custom scripts can enhance user experience by allowing for tailored functionalities and features on SharePoint pages. This can lead to increased user engagement and productivity as users interact with custom tools that meet their specific needs.
- next-steps: Gather user feedback on desired functionalities that could be implemented through custom scripts. Collaborate with developers to create and test these scripts, ensuring they comply with the new security policies.
- roles: End Users, SharePoint Developers, Business Analysts
- references: https://techcommunity.microsoft.com/t5/sharepoint-developer-blog/sharepoint-online-content-security-policy-control-in-tenant/ba-p/3000001
Streamlined IT Administrative Tasks
With the introduction of a 'Trusted script sources' page, IT administrators can manage script sources more efficiently, reducing the time spent on monitoring and controlling script access. This centralized management can lead to improved operational efficiency.
- next-steps: Implement training sessions for IT staff on utilizing the new management features effectively. Develop a standard operating procedure for regularly reviewing and updating trusted script sources to ensure compliance and security.
- roles: IT Administrators, Operations Managers, Compliance Officers
- references: https://techcommunity.microsoft.com/t5/sharepoint-developer-blog/sharepoint-online-content-security-policy-control-in-tenant/ba-p/3000001
Potentional Risks**
XXXXXXX ... paid membership only
IT Security**
XXXXXXX ... paid membership only
explanation for non-techies**
XXXXXXX ... free basic plan only
** AI generated content. This information must be reviewed before use.
a free basic plan is required to see more details. Sign up here
A cloudsocut.one plan is required to see all the changed details. If you are already a customer, choose login.
If you are new to cloudscout.one please choose a plan.
change history
| Date | Property | old | new |
| 2025-06-12 | MC Last Updated | 05/21/2025 21:27:12 | 2025-06-11T19:57:26Z |
| 2025-06-12 | MC Messages | Updated May 21, 2025: We have updated the content Thank you for your patience.
SharePoint Online Tenant Administrators can now allow script sources for modern pages in SharePoint sites. This feature is particularly useful in scenarios where modern pages have custom code that loads scripts (e.g., TypeScript code) from external sources like a content delivery network (CDN). SharePoint will now report to administrators where sources that have not been allowed are loaded from, providing a way for administrators to identify those sources and take action. Tenant Administrators can also enforce browsers to only load scripts from allowed sources. This behavior can be enabled using SharePoint Online Management Shell. [When this will happen:] Targeted Release: We will begin rolling out on late March 2025 and expect to complete by early April 2025. General Availability (Worldwide): We will begin rolling out on late April 2025 and expect to complete by late April 2025. General Availability (GCC, GCC High, DoD): We will begin rolling out on late April 2025 and expect to complete by early June 2025 (previously mid-May). | Updated June 11, 2025: We have updated the timeline below. Thank you for your patience.
SharePoint Online Tenant Administrators can now allow script sources for modern pages in SharePoint sites. This feature is particularly useful in scenarios where modern pages have custom code that loads scripts (e.g., TypeScript code) from external sources like a content delivery network (CDN). SharePoint will now report to administrators where sources that have not been allowed are loaded from, providing a way for administrators to identify those sources and take action. Tenant Administrators can also enforce browsers to only load scripts from allowed sources. This behavior can be enabled using SharePoint Online Management Shell. [When this will happen:] Targeted Release: We will begin rolling out on late March 2025 and expect to complete by early April 2025. General Availability (Worldwide): We will begin rolling out on late April 2025 and expect to complete by late April 2025. General Availability (GCC, GCC High, DoD): We will begin rolling out on late April 2025 and expect to complete by late June 2025 (previously early June). |
| 2025-06-12 | MC End Time | 07/14/2025 09:00:00 | 2025-08-25T09:00:00Z |
| 2025-06-12 | MC Summary | SharePoint Online Tenant Administrators can now allow and control script sources for modern pages, enforcing browsers to load scripts only from trusted sources. This feature will roll out from late March to early June 2025, depending on the release type. No admin action is required for this rollout. | SharePoint Online Tenant Administrators can now control script sources for modern pages, allowing custom code from external sources. Rollout timelines: Targeted Release (late March to early April 2025), General Availability (late April 2025), and GCC, GCC High, DoD (late April to late June 2025). No admin action required. |
| 2025-05-22 | MC Last Updated | 05/01/2025 23:52:25 | 2025-05-21T21:27:12Z |
| 2025-05-22 | MC Messages | Updated May 1, 2025: We have updated the content Thank you for your patience.
SharePoint Online Tenant Administrators can now allow script sources for modern pages in SharePoint sites. This feature is particularly useful in scenarios where modern pages have custom code that loads scripts (e.g., TypeScript code) from external sources like a content delivery network (CDN). SharePoint will now report to administrators where sources that have not been allowed are loaded from, providing a way for administrators to identify those sources and take action. Tenant Administrators can also enforce browsers to only load scripts from allowed sources. This behavior can be enabled using SharePoint Online Management Shell. [When this will happen:] Targeted Release: We will begin rolling out on late March 2025 and expect to complete by early April 2025. General Availability (Worldwide): We will begin rolling out on late April 2025 and expect to complete by late April 2025. General Availability (GCC, GCC High, DoD): We will begin rolling out on late April 2025 and expect to complete by mid-May 2025. | Updated May 21, 2025: We have updated the content Thank you for your patience.
SharePoint Online Tenant Administrators can now allow script sources for modern pages in SharePoint sites. This feature is particularly useful in scenarios where modern pages have custom code that loads scripts (e.g., TypeScript code) from external sources like a content delivery network (CDN). SharePoint will now report to administrators where sources that have not been allowed are loaded from, providing a way for administrators to identify those sources and take action. Tenant Administrators can also enforce browsers to only load scripts from allowed sources. This behavior can be enabled using SharePoint Online Management Shell. [When this will happen:] Targeted Release: We will begin rolling out on late March 2025 and expect to complete by early April 2025. General Availability (Worldwide): We will begin rolling out on late April 2025 and expect to complete by late April 2025. General Availability (GCC, GCC High, DoD): We will begin rolling out on late April 2025 and expect to complete by early June 2025 (previously mid-May). |
| 2025-05-22 | MC End Time | 06/30/2025 09:00:00 | 2025-07-14T09:00:00Z |
| 2025-05-22 | MC Summary | SharePoint Online Tenant Administrators can now control script sources for modern pages, allowing custom code from external sources like CDNs. This feature will roll out from late March to mid-May 2025, providing a "Trusted script sources" page for managing and enforcing trusted script sources. No admin action is required. | SharePoint Online Tenant Administrators can now allow and control script sources for modern pages, enforcing browsers to load scripts only from trusted sources. This feature will roll out from late March to early June 2025, depending on the release type. No admin action is required for this rollout. |
| 2025-05-02 | MC Messages | SharePoint Online Tenant Administrators can now allow script sources for modern pages in SharePoint sites. This feature is particularly useful in scenarios where modern pages have custom code that loads scripts (e.g., TypeScript code) from external sources like a content delivery network (CDN). SharePoint will now report to administrators where sources that have not been allowed are loaded from, providing a way for administrators to identify those sources and take action. Tenant Administrators can also enforce browsers to only load scripts from allowed sources. This behavior can be enabled using SharePoint Online Management Shell.
[When this will happen:] Targeted Release: We will begin rolling out on late March 2025 and expect to complete by early April 2025. General Availability (Worldwide): We will begin rolling out on late April 2025 and expect to complete by late April 2025. General Availability (GCC, GCC High, DoD): We will begin rolling out on late April 2025 and expect to complete by mid-May 2025. | Updated May 1, 2025: We have updated the content Thank you for your patience.
SharePoint Online Tenant Administrators can now allow script sources for modern pages in SharePoint sites. This feature is particularly useful in scenarios where modern pages have custom code that loads scripts (e.g., TypeScript code) from external sources like a content delivery network (CDN). SharePoint will now report to administrators where sources that have not been allowed are loaded from, providing a way for administrators to identify those sources and take action. Tenant Administrators can also enforce browsers to only load scripts from allowed sources. This behavior can be enabled using SharePoint Online Management Shell. [When this will happen:] Targeted Release: We will begin rolling out on late March 2025 and expect to complete by early April 2025. General Availability (Worldwide): We will begin rolling out on late April 2025 and expect to complete by late April 2025. General Availability (GCC, GCC High, DoD): We will begin rolling out on late April 2025 and expect to complete by mid-May 2025. |
| 2025-05-02 | MC Title | SharePoint Online: Content Security Policy Control in Tenant Administration | (Updated) SharePoint Online: Content Security Policy Control in Tenant Administration |
| 2025-05-02 | MC Last Updated | 04/15/2025 02:32:01 | 2025-05-01T23:52:25Z |
| 2025-05-02 | MC MessageTagNames | New feature, Admin impact | Updated message, New feature, Admin impact |
Last updated 6 days ago
