Microsoft SharePoint: Update to custom scripting governance in App Catalog site
MC1186368 · build prod-20251231-200323
Category
planForChange
Severity
normal
Major change
True
Last modified
2025-11-15 00:00:07
Summary source
Azure OpenAI (gpt-4.1)
Action by (Graph)
2026-01-13 08:00:00
Action by (AI)
-
Services
SharePoint Online
Tags
Feature update, User impact, Admin impact
Master tags
Admin, Security
Roadmap IDs

One-line summary

Custom scripting will be disabled by default on SharePoint Online App Catalog sites starting mid-January 2026 to enhance security; app operations remain unaffected.

Similar updates

More like this
MC1117115 (Updated) Updates to custom scripting in sites and Classic Publishing site creation
Starting September 15, 2025, custom scripting and new classic publishing sites will be restricted in SharePoint Online; key PowerShell opt-out retires March 15, 2026. We are implementing the following changes to custom scripting and classic publishing in.
MC1186372 (Updated) SharePoint branding governance via PowerShell
SharePoint admins can centrally enforce branding and themes using PowerShell, audit changes, disable site-level branding, and manage themes across geos to ensure brand consistency. Updated February 25, 2026: We have updated the timeline. [Introduction] Coming soon to SharePoint: Tenant.
MC1193419 (Updated) Content Security Policies (CSP) are coming to SharePoint Online and might impact your custom SPFx solutions
SharePoint Online will enforce Content Security Policy from March 1, 2026, blocking scripts from non-trusted sources and requiring remediation for non-compliant SPFx solutions. Updated March 13, 2026: We have updated the timeline.
MC693865 (Updated) SharePoint Add-In retirement in Microsoft 365
SharePoint Add-Ins will retire and stop working after April 2, 2026; admins must migrate to SharePoint Framework (SPFx) as Add-Ins will become unusable. Updated March 2, 2026: This update serves as a f... Since the release of SharePoint Add-Ins in 2013, Microsoft has evolved SharePoint.
MC1188595 (Updated) App-only certificate-based authentication now available in SharePoint Online Management Shell
SharePoint Online Management Shell now supports app-only certificate-based authentication for secure, unattended automation, enabling MFA-compliant script execution via Entra app identities. Updated January 8, 2026: We have updated the content.
MC693863 (Updated) Azure ACS retirement in Microsoft 365
Azure Access Control Services (ACS) retires for SharePoint Online on April 2, 2026; update custom apps and integrations to use Microsoft Entra ID for authentication. Updated March 2, 2026: This update serves as a final reminder that Azure ACS in Microsoft 365 will retire and stop working 1 month.

Details

Summary
Starting mid-January 2026, custom scripting will be disabled by default on the tenant-wide SharePoint App Catalog site to enhance security. App operations remain unaffected, but new custom script changes will be blocked. Admins can temporarily opt out using PowerShell commands and should inform site owners accordingly.

Body (from Message Center)

To strengthen security and reduce the risk of ungoverned scripting, Microsoft is expanding the custom scripting governance in the App Catalog site. This change helps ensure a more secure and manageable environment in SharePoint Online.

What will happen:

Custom scripting will be disabled (setting DenyAddAndCustomizePages to 1 or $true) for the tenant-wide App Catalog site using the APPCATALOG#0 template.

When this will happen: Default custom scripting governance on the App Catalog site will take effect starting in mid-January 2026.

Who is affected: Admins managing the SharePoint tenant-wide App Catalog site and the content inside it.

How this affects your organization:

  • App operations remain unaffected: Uploading, updating, and deploying SharePoint and Office apps will continue to work.
  • Custom script-based changes will be blocked: New changes related to custom scripting in the App Catalog site will be disabled by default; existing customizations related to custom scripting will remain unaffected.

What you can do to prepare:

  • Inform App Catalog site owners and helpdesk staff in your organization of this upcoming change to reduce confusion and support calls.
  • To temporarily opt out of custom scripting governance for a specific site (effective for 24 hours with tenant admin approval), use the following PowerShell command:

Set-SPOSite <SiteURL> -DenyAddAndCustomizePages $false

  • To update the site property bag (by default disallowed when custom script governance is enabled), use the following PowerShell commands to enable it at tenant or site level:

Set-SPOTenant -AllowWebPropertyBagUpdateWhenDenyAddAndCustomizePagesIsEnabled $true
Set-SPOSite <SiteURL> -AllowWebPropertyBagUpdateWhenDenyAddAndCustomizePagesIsEnabled $true
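
The following audit script is an added example, not part of the Message Center post or Microsoft's own tooling. It reports the current custom scripting state of every site built on the APPCATALOG#0 template, so you can see where the new default is already in effect and spot a lingering opt-out. The $AdminUrl parameter and the report column names are assumptions, and the tenant property read assumes a SharePoint Online Management Shell version that exposes it.

```powershell
# Added example: audit custom scripting governance on App Catalog sites.
# Assumption: $AdminUrl is your tenant admin URL (placeholder, not from the post).
param(
    [Parameter(Mandatory)]
    [string]$AdminUrl
)

Import-Module Microsoft.Online.SharePoint.PowerShell -ErrorAction Stop
Connect-SPOService -Url $AdminUrl

# Tenant-wide switch that permits property bag updates while custom
# scripting is denied. $null here means the installed module version
# does not expose the property (assumption noted in the lead-in).
$tenant = Get-SPOTenant
$bagOverride = $tenant.AllowWebPropertyBagUpdateWhenDenyAddAndCustomizePagesIsEnabled

# Enumerate sites created from the App Catalog template named in the post.
$catalogs = Get-SPOSite -Template 'APPCATALOG#0' -Limit All

$report = foreach ($c in $catalogs) {
    # Re-read each site by identity: list queries can return the
    # DenyAddAndCustomizePages status as Unknown.
    $site   = Get-SPOSite -Identity $c.Url
    $status = "$($site.DenyAddAndCustomizePages)"   # Enabled / Disabled / Unknown

    [pscustomobject]@{
        Url                       = $site.Url
        Template                  = $site.Template
        DenyAddAndCustomizePages  = $status
        # Enabled means custom scripting is blocked (the new default).
        CustomScriptBlocked       = ($status -eq 'Enabled')
        TenantPropertyBagOverride = $bagOverride
    }
}

$report | Format-Table -AutoSize

# Flag any App Catalog site where custom scripting is still allowed,
# for example during a 24-hour opt-out window.
$report | Where-Object { -not $_.CustomScriptBlocked } | ForEach-Object {
    Write-Warning "Custom scripting is not blocked on $($_.Url) (status: $($_.DenyAddAndCustomizePages))"
}
```

Running it before and after mid-January 2026 shows when the default takes effect; a warning after that date points to a site where the opt-out command was used.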


Compliance considerations:

No compliance considerations identified; review as appropriate for your organization.
