Blog Post

Microsoft Entra Blog
3 MIN READ

Enhance protection of Microsoft Entra ID authentication by blocking external script injection

AnkurPatel's avatar
AnkurPatel
Icon for Microsoft rankMicrosoft
Nov 25, 2025

Microsoft is further enhancing security of the Microsoft Entra ID authentication experience by blocking external script injection. [Action may be required]

As part of Microsoft’s Secure Future Initiative, we’re making an important update to our Content Security Policy (CSP) that will enhance the security of the Microsoft Entra ID sign-in experience. Thi...
Updated Nov 19, 2025
Version 1.0
end user
entra id
identity security
microsoft 365
MOB_RMA's avatar
MOB_RMA
Copper Contributor
Dec 30, 2025

Would the error "refused to load script" already be present, if we test logins today? This looks smore like an error that will happen, "after" the CSP enforcement has been set. How can we find problematic logins in advance?