check before: 2026-03-01
Product:
Microsoft 365 admin center, Purview, Purview Communication Compliance, SharePoint
Platform:
Online, US Instances, Windows Desktop, World tenant
Status:
Rolling out
Change type:
New feature, User impact, Admin impact
Details:
Summary:
Starting March 1, 2026, SharePoint Online will enforce Content Security Policy (CSP), blocking scripts from non-trusted sources in custom SPFx solutions. To avoid disruption, ensure all scripts come from trusted sources and move inline scripts to files. CSP enforcement can be postponed 90 days via PowerShell.
Details:
We're improving SharePoint Online security via Content Security Policy (CSP) enforcement. Currently CSP is applied in reporting mode but as of March 1, 2026, the Content Security Policy will be enforced which will prevent the loading of script (e.g. JavaScript) from non-allowed sources. This message center post replaces MC1055557 (April 2024).
This change is associated with Microsoft 365 Roadmap ID: 485797
[When this will happen:]
This will be implemented starting March 1, 2026.
Change Category:
XXXXXXX ... free basic plan only
Scope:
XXXXXXX ... free basic plan only
Release Phase:
General Availability, Targeted Release
Created:
2025-12-09
updated:
2025-12-09
Task Type
XXXXXXX ... free basic plan only
Docu to Check
XXXXXXX ... free basic plan only
MS How does it affect me
XXXXXXX ... free basic plan only
MS Preperations
XXXXXXX ... free basic plan only
MS Urgency
XXXXXXX ... free basic plan only
MS workload name
XXXXXXX ... free basic plan only
linked item details
XXXXXXX ... free basic plan only
Pictures
XXXXXXX ... free basic plan only
summary for non-techies**
Starting March 1, 2026, SharePoint Online will enforce Content Security Policy (CSP) to ensure scripts in custom SharePoint Framework (SPFx) solutions come from trusted sources, requiring organizations to verify and adjust script sourcing, with an option to delay enforcement by 90 days using a PowerShell command.
Direct effects for Operations**
CSP Enforcement Impact on SPFx Solutions
Custom SPFx solutions may fail to load scripts from non-trusted sources, leading to functionality loss and disruption of business processes.
- roles: SharePoint Developer, IT Administrator
- references: https://aka.ms/spfx/csp, https://www.microsoft.com/microsoft-365/roadmap?id=485797
Inline Script Blocking
Inline scripts will be blocked, requiring updates to SPFx solutions to move inline scripts to external files, which may not be completed in time.
- roles: SharePoint Developer, Project Manager
- references: https://aka.ms/spfx/csp, https://purview.microsoft.com/
User Experience Degradation
Users may experience broken functionalities in SharePoint Online due to blocked scripts, leading to frustration and decreased productivity.
- roles: End User, Support Technician
- references: https://aka.ms/spfx/csp, https://www.microsoft.com/microsoft-365/roadmap?id=485797
Increased Support Requests
The enforcement of CSP may lead to an increase in support requests from users facing issues with SPFx solutions, straining IT resources.
- roles: Help Desk Staff, IT Support Manager
- references: https://aka.ms/spfx/csp, https://purview.microsoft.com/
Compliance and Security Risks
Failure to comply with CSP requirements may expose the organization to security vulnerabilities and compliance issues.
- roles: Compliance Officer, Security Analyst
- references: https://aka.ms/spfx/csp, https://www.microsoft.com/microsoft-365/roadmap?id=485797
Configutation Options**
XXXXXXX ... paid membership only
Opportunities**
XXXXXXX ... free basic plan only
Potentional Risks**
XXXXXXX ... paid membership only
IT Security**
XXXXXXX ... paid membership only
explanation for non-techies**
XXXXXXX ... free basic plan only
** AI generated content. This information must be reviewed before use.
a free basic plan is required to see more details. Sign up here
A cloudsocut.one plan is required to see all the changed details. If you are already a customer, choose login.
If you are new to cloudscout.one please choose a plan.
Last updated 1 week ago ago
