Microsoft to Block Unauthorized Scripts in Entra ID Logins with 2026 CSP Update

21:07 - 27 Nov 2025

Microsoft has announced plans to improve the security of Entra ID authentication by blocking unauthorized script injection attacks starting a year from now. The update to its Content Security Policy (CSP) aims to enhance the Entra ID sign-in experience at "login.microsoftonline[.]com" by only letting scripts from trusted Microsoft domains run. "This update strengthens security and adds an extra