MC1055557SharePoint Online: Content Security Policy Control in Tenant Administration

Updated June 11, 2025: We have updated the timeline below. Thank you for your patience.

SharePoint Online Tenant Administrators can now allow script sources for modern pages in SharePoint sites. This feature is particularly useful in scenarios where modern pages have custom code that loads scripts (e.g., TypeScript code) from external sources like a content delivery network (CDN). SharePoint will now report to administrators where sources that have not been allowed are loaded from, providing a way for administrators to identify those sources and take action. Tenant Administrators can also enforce browsers to only load scripts from allowed sources. This behavior can be enabled using SharePoint Online Management Shell.

When this will happen:

Targeted Release: We will begin rolling out on late March 2025 and expect to complete by early April 2025.

General Availability (Worldwide): We will begin rolling out on late April 2025 and expect to complete by late April 2025.

General Availability (GCC, GCC High, DoD): We will begin rolling out on late April 2025 and expect to complete by late June 2025 (previously early June).

How this will affect your organization:

Tenant Administrators will have the option to control and govern where custom code loads scripts and, if needed, enforce browsers to only load scripts from trusted sources. A new "Trusted script sources" page will give administrators control over which source can be trusted to load scripts.

What you need to do to prepare: