Secure Future Initiative

Updates and information on Microsoft’s Secure Future Initiative (SFI) for enhanced security.

Microsoft to Block Unauthorized Scripts in Entra ID Logins with 2026 CSP Update

Nov 27, 2025

—

by

Reza Rafati

in Cyber News & Updates

Microsoft is enhancing security for Entra ID authentication by blocking unauthorized script injection attacks, starting in late 2026. This move involves updating their Content Security Policy (CSP) for the “login.microsoftonline.com” sign-in experience, allowing only scripts from trusted Microsoft domains to execute, thereby preventing malicious code.