Secure Future Initiative

Microsoft will change the Content Security Policy for browser-based Entra ID sign-ins at login.microsoftonline.com to block unauthorized scripts and allow only trusted Microsoft domains, with a global rollout beginning mid-to-late October 2026; organisations are asked to test sign-in flows and avoid tools that inject code.