SharePoint Online will begin enforcing its Content Security Policy (CSP) on March 1, 2026

Microsoft announced that SharePoint Online will begin enforcing its Content Security Policy (CSP) on March 1, 2026. Until then it will remain in “report-only” mode (logging violations but not blocking scripts). This means that after the enforcement date, any inline scripts or scripts from unapproved external sources will be blocked, which could break custom solutions built with SharePoint Framework (SPFx) if they rely on dynamic loading or external CDNs without proper CSP configuration. Developers are advised to audit their SPFx solutions now, move inline code to external files, register all necessary external script domains in the “Trusted Script Sources” list in the SharePoint Admin Center, and optionally delay enforcement by 90 days (until June 1, 2026) via PowerShell if more time is needed. CSP enforcement is coming, contact us and our experts can help you to be prepare and avoid service disruption. www.ChironIT.com #ChironIT #SharePoint #Microsoft365#CloudSecurity