Microsoft to Enhance Protections by Blocking External Scripts in Entra ID Logins

By AnuPriya
Publication Date: 2025-11-28 07:23:00

Microsoft is set to introduce a crucial security change to its Entra ID sign-in experience by blocking all external scripts during user logins.

This update aims to protect users from unauthorized code and is part of Microsoft’s Secure Future Initiative to strengthen its cloud identity platform.

Microsoft will enforce a stricter Content Security Policy (CSP) on Entra ID login pages. This means only scripts hosted on trusted Microsoft domains will run.

Any scripts from third-party tools, browser extensions, or injected by compromised web content will be blocked.
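To see how a `script-src` allowlist separates these cases, the following added example (not from the article or from Microsoft) evaluates sample scripts against a constructed policy. The policy string, the nonce, the hosts `login.example` and `trusted-cdn.example`, and all function names are assumptions made for illustration; the matching is simplified to exact scheme and host checks.

```javascript
// Added example: simplified evaluator for a CSP script-src directive.
// Policy, nonce and host names are constructed placeholders, not Microsoft's policy.
const SAMPLE_POLICY =
  "default-src 'self'; script-src 'self' https://*.trusted-cdn.example 'nonce-r4nd0m'";
const PAGE = "https://login.example"; // constructed sign-in page origin

// Parse a CSP header value into { directive: [source, ...] }.
function parseCsp(header) {
  const policy = Object.create(null);
  for (const part of header.split(";")) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    // A repeated directive is ignored; the first occurrence wins.
    if (!(name in policy)) policy[name] = tokens.slice(1);
  }
  return policy;
}

// Match a URL against a host-source like https://*.trusted-cdn.example.
// Simplified: exact scheme match, no port or path parts.
function hostSourceMatches(source, url) {
  const m = /^(?:(https?):\/\/)?(\*\.)?([a-z0-9.-]+)$/i.exec(source);
  if (!m) return false; // quoted keywords such as 'none' never match a host
  const [, scheme, wildcard, host] = m;
  if (scheme && url.protocol !== scheme.toLowerCase() + ":") return false;
  const h = url.hostname.toLowerCase();
  const base = host.toLowerCase();
  // "*.example" covers subdomains only, never the bare domain.
  return wildcard ? h.endsWith("." + base) : h === base;
}

// Decide whether a script would run. `script` is { src, nonce };
// src is absent for inline scripts.
function scriptAllowed(policy, pageOrigin, script) {
  const sources = policy["script-src"] || policy["default-src"] || [];
  if (script.nonce && sources.includes(`'nonce-${script.nonce}'`)) return true;
  if (!script.src) {
    // 'unsafe-inline' is ignored once the policy carries a nonce or hash.
    const strict = sources.some((s) => /^'(nonce|sha(256|384|512))-/.test(s));
    return sources.includes("'unsafe-inline'") && !strict;
  }
  const url = new URL(script.src, pageOrigin);
  return sources.some((s) =>
    s === "'self'" ? url.origin === new URL(pageOrigin).origin : hostSourceMatches(s, url));
}
```

With this constructed policy, a script from an allowlisted subdomain or carrying the page's nonce runs, while a third-party host and an inline script without the nonce are refused.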

The goal is to prevent attacks such as cross-site scripting (XSS), in which hackers inject malicious code into web pages.

By blocking external scripts, Microsoft aims to reduce risks such as credential theft, session hijacking, and other threats to authentication.

Microsoft has announced that the global rollout of the new CSP will start in mid-to-late October 2026. Customers will…