MC1193419 – (Updated) Content Security Policies (CSP) are coming to SharePoint Online and might impact your custom SPFx solutions

check before: 2026-03-01

Product:

Microsoft 365 admin center, Purview, Purview Communication Compliance, SharePoint

Platform:

Online, US Instances, Windows Desktop, World tenant

Status:

Launched

Change type:

Admin impact, New feature, Updated message, User impact

Details:

Summary:
Starting March 1, 2026, SharePoint Online will enforce Content Security Policy (CSP), blocking scripts from untrusted sources in custom SPFx solutions. To avoid disruptions, ensure all scripts come from trusted sources and move inline scripts to files. CSP enforcement can be postponed 90 days via PowerShell.

Details:
Updated March 13, 2026: We have updated the timeline. Thank you for your patience.
We're improving SharePoint Online security via Content Security Policy (CSP) enforcement. Currently CSP is applied in reporting mode but as of March 1, 2026, the Content Security Policy will be enforced which will prevent the loading of script (e.g. JavaScript) from non-allowed sources. This message center post replaces MC1055557 (April 2024).
This change is associated with Microsoft 365 Roadmap ID: 485797
[When this will happen:]
This will be implemented starting March 1, 2026 and should complete by March 20, 2026.

Release Phase:
General Availability, Targeted Release

Created:
2025-12-09

updated:
2026-04-17

Direct effects for Operations**

CSP Enforcement Impact on SPFx Solutions
Custom SPFx solutions may fail to load scripts from untrusted sources, leading to non-functional business applications.
   - roles: SharePoint Developer, IT Administrator
   - references: https://aka.ms/spfx/csp, https://www.microsoft.com/microsoft-365/roadmap?id=485797

Inline Script Blocking
Inline scripts will be blocked, requiring updates to SPFx solutions to move inline scripts to external files, potentially causing delays in deployment.
   - roles: SharePoint Developer, Project Manager
   - references: https://aka.ms/spfx/csp, https://purview.microsoft.com/

User Experience Degradation
Users may experience broken functionality in SharePoint Online if SPFx solutions are not updated before CSP enforcement.
   - roles: End User, Support Technician
   - references: https://aka.ms/spfx/csp, https://www.microsoft.com/microsoft-365/roadmap?id=485797

Increased Support Tickets
The enforcement of CSP may lead to an increase in support tickets from users facing issues with SPFx solutions that are not functioning as expected.
   - roles: Support Technician, IT Helpdesk
   - references: https://aka.ms/spfx/csp, https://purview.microsoft.com/

Need for Immediate Remediation
Organizations will need to quickly identify and remediate CSP violations, which may require additional resources and time.
   - roles: IT Administrator, Compliance Officer
   - references: https://aka.ms/spfx/csp, https://www.microsoft.com/microsoft-365/roadmap?id=485797

** AI generated content. This information must be reviewed before use.

change history

Date: 2026-03-17
Property: MC Messages
old:
We're improving SharePoint Online security via Content Security Policy (CSP) enforcement. Currently CSP is applied in reporting mode but as of March 1, 2026, the Content Security Policy will be enforced which will prevent the loading of script (e.g. JavaScript) from non-allowed sources. This message center post replaces MC1055557 (April 2024).
This change is associated with Microsoft 365 Roadmap ID: 485797
[When this will happen:]
This will be implemented starting March 1, 2026.
new:
Updated March 13, 2026: We have updated the timeline. Thank you for your patience.
We're improving SharePoint Online security via Content Security Policy (CSP) enforcement. Currently CSP is applied in reporting mode but as of March 1, 2026, the Content Security Policy will be enforced which will prevent the loading of script (e.g. JavaScript) from non-allowed sources. This message center post replaces MC1055557 (April 2024).
This change is associated with Microsoft 365 Roadmap ID: 485797
[When this will happen:]
This will be implemented starting March 1, 2026 and should complete by March 20, 2026.

Date: 2026-03-17
Property: MC Title
old: Content Security Policies (CSP) are coming to SharePoint Online and might impact your custom SPFx solutions
new: (Updated) Content Security Policies (CSP) are coming to SharePoint Online and might impact your custom SPFx solutions

Date: 2026-03-17
Property: MC Last Updated
old: 12/09/2025 01:19:28
new: 2026-03-13T20:26:48Z

Date: 2026-03-17
Property: MC MessageTagNames
old: New feature, User impact, Admin impact
new: Updated message, New feature, User impact, Admin impact

Date: 2026-03-17
Property: MC Summary
old: Starting March 1, 2026, SharePoint Online will enforce Content Security Policy (CSP), blocking scripts from non-trusted sources in custom SPFx solutions. To avoid disruption, ensure all scripts come from trusted sources and move inline scripts to files. CSP enforcement can be postponed 90 days via PowerShell.
new: Starting March 1, 2026, SharePoint Online will enforce Content Security Policy (CSP), blocking scripts from untrusted sources in custom SPFx solutions. To avoid disruptions, ensure all scripts come from trusted sources and move inline scripts to files. CSP enforcement can be postponed 90 days via PowerShell.
