Blog Post

Microsoft Entra Blog
3 MIN READ

Enhance protection of Microsoft Entra ID authentication by blocking external script injection

AnkurPatel's avatar
AnkurPatel
Icon for Microsoft rankMicrosoft
Nov 25, 2025

Microsoft is further enhancing security of the Microsoft Entra ID authentication experience by blocking external script injection. [Action may be required]

As part of Microsoft’s Secure Future Initiative, we’re making an important update to our Content Security Policy (CSP) that will enhance the security of the Microsoft Entra ID sign-in experience. Thi...
Updated Nov 19, 2025
Version 1.0
end user
entra id
identity security
microsoft 365
j0hn539's avatar
j0hn539
Copper Contributor
Nov 26, 2025

Does this mean that browser extension based password managers will no longer work?

  • MegnaKokkalera's avatar
    MegnaKokkalera
    Icon for Microsoft rankMicrosoft
    Dec 01, 2025

    Hi j0hn539​! Thanks for your question. If your password manager doesn't alter the DOM or inject script into the page, there should be no change. In general, we recommend using tools or browser extensions that don't inject script into the page as it will be a more secure experience.

    You can use the testing instructions in this post to determine the exact impact on the password manager you use today. Based on our early testing, commonly used password managers like 1Password or Lastpass don't bring up any violations on our end and should still work. Feel free to let us know if you experience anything different.

  • MichaelMortenSonne's avatar
    MichaelMortenSonne
    MVP
    Nov 27, 2025

    Yes it´s a good question - just pinged the Team too 😄