SharePoint Update — Content Security Policy (CSP) Changes

Microsoft will begin rolling out an important security update to SharePoint Online starting March 1st, 2026, related to script loading policies (Content Security Policy — CSP).

This evolution strengthens Microsoft 365 security practices.
It does not introduce risk when environments are properly prepared.

You'll find more information about this topic in the following article published by Microsoft :  
SharePoint Online Content Security Policy (CSP): Enforcement Dates and Guidance
 

This article explains:

• What is changing

• Potential impacts

• Recommended actions

• How to verify your environment

Key Takeaways

• This is a planned Microsoft security evolution

• It affects how SharePoint authorizes script execution

• No complex action is required in most cases

• A simple verification is recommended to ensure future deployments run smoothly

Context — What is Content Security Policy (CSP)?

Content Security Policy (CSP) is a browser security mechanism used by SharePoint to control which sources are allowed to load code (JavaScript, styles, etc.).

Its objectives are to:

• Prevent malicious script execution

• Reduce web-based attack risks

• Strengthen overall security compliance

Microsoft is tightening these controls in 2026 by enforcing stricter validation rules.

What Is Changing

With this update:

• Scripts from non-approved sources may be blocked

• Some non-compliant inline scripts may be rejected

• Custom SharePoint solutions relying on external resources could be affected

For end users, in non-compliant environments this may result in:

• Components not displaying properly

• Error messages appearing instead of content

Important Focus — Trusted Script Sources Limit

SharePoint now enforces a limit of:

-> Maximum 300 trusted script source entries per tenant

Each solution deployment or version can add entries to this list.

Without periodic cleanup:

• Future deployments may be blocked

• Some updates may fail

This is currently the primary item to monitor.

Recommended Preventive Action

We recommend performing a quick verification:

1️⃣ Go to SharePoint Admin Center

2️⃣ Navigate to Advanced > Script sources
 

3️⃣ Check:

• Total number of entries

• Presence of outdated or unused versions

4️⃣ Remove obsolete entries if necessary

This helps ensure:

• A clean environment

• Smooth future deployments

• Compliance with the new security policy

Optional — Testing CSP Behavior (Technical Profiles)

Before full enforcement, you can simulate strict CSP behavior on a page:

1️⃣ Add to the URL of a page containing components:

?csp=enforce

2️⃣ Clear browser cache
3️⃣ Refresh the page

Results:

• If compliant → components display normally

• If not → errors appear

⚠️ This test only affects your session.

Our Commitment

We actively monitor Microsoft platform evolutions and continuously adapt our solutions to maintain compatibility with updated security requirements.

This transition contributes to:

• Improved stability

• Stronger security

• Continued solution reliability

Need Assistance?

If you would like to:

• Validate your configuration

• Better understand your situation

• Receive guidance on verification

Our support team is available to assist you. 
Feel free to reach out via our form : contact Jint support.