MC1191924 | Microsoft Entra ID: Enhance protection of the authentication experience by blocking external script injection
- Service
- Microsoft Entra
- Last Updated
- 2025-12-03T21:44:55.89Z
- Published
- 2025-12-03T21:44:46Z
- Message ID
- MC1191924
Introduction As part of Microsoft’s Secure Future Initiative, we’re updating our Content Security Policy for the Microsoft Entra ID sign-in experience. This change adds an extra layer of protection by allowing only scripts from trusted Microsoft domains to run during authentication, blocking unauthorized or injected external code. This proactive measure helps safeguard users against threats like cross-site scripting (XSS), further strengthening security for your organization. When this will happen General Availability (Production/Worldwide only): • Rollout begins mid-October 2026 • Expected completion by late October 2026 Periodic communications will be sent closer to release. How this affec...
Open Full Notification Browse Message CenterThis page is an SEO landing page for discoverability of Message Center ID MC1191924.