Microsoft has announced an upcoming security change to SharePoint Online called Content Security Policy (CSP) enforcement. This is a positive change that improves how SharePoint protects pages from unsafe scripts, and we want to let our customers know what (if anything) they need to do.
What’s changing?
CSP controls how JavaScript is allowed to run on a SharePoint page. Until now, this has been running in a monitoring mode only. From 1 March 2026, CSP will be fully enforced, meaning non-compliant scripts will be blocked.
Does this affect your Accelerator 365 apps?
For most Accelerator 365 customers, no action is required.
However, if your intranet uses Site Analytics or Welcome, there are a small number of checks we recommend making.
What we recommend
Site Analytics
- Update the app to the latest version
- Add the Google Tag Manager URL to your SharePoint trusted sites list. We have instructions on how to do that on our knowledge base
Welcome
- Update the app to the latest version
- If you are using a custom layout that includes JavaScript, this may also need to be reviewed or updated
If you’re unsure whether this applies to you, please get in touch and we’ll be happy to advise.
Our commitment
We support Microsoft’s move to enforce CSP and have already aligned the affected Accelerator 365 apps with the new requirements. We’ll continue to monitor the rollout and keep customers informed if anything else changes.
If you’d like help checking your setup or want reassurance that your intranet is ready, please contact us.
