Category
planForChange
Severity
normal
Major change
True
Last modified
2025-11-15 00:00:07
Summary source
Azure OpenAI (gpt-4.1)
Action by (Graph)
2026-01-13 08:00:00
Action by (AI)
—
Services
SharePoint Online
Tags
Feature update, User impact, Admin impact
Master tags
Security
Roadmap IDs
One-line summary
Custom scripting will be disabled by default on SharePoint Online App Catalog sites starting mid-January 2026 to enhance security; app operations remain unaffected.
Similar updates
More like thisMC1117115 (Updated) Updates to custom scripting in sites and Classic Publishing site creation
(Updated) Updates to custom scripting in sites and Classic Publishing site creation SharePoint Online will disable custom scripting and block new classic publishing site creation/features starting September 15, 2025; admins can temporarily opt out until March 15, 2026. Updated September 2, 2025: Upcoming SharePoint Online changes may impact your.
MC1186372 SharePoint branding governance via PowerShell
SharePoint branding governance via PowerShell SharePoint admins can centrally enforce site branding, manage themes, and audit changes via PowerShell, with new controls rolling out starting November 2025. [When this will happen:] Targeted Release (Worldwide): Begins late November 2025, completes mid-December 2025 General Availability.
MC1193419 Content Security Policies (CSP) are coming to SharePoint Online and might impact your custom SPFx solutions
Content Security Policies (CSP) are coming to SharePoint Online and might impact your custom SPFx solutions SharePoint Online will enforce Content Security Policy on March 1, 2026, blocking scripts from non-trusted sources and requiring updates to custom SPFx solutions using untrusted or inline scripts. We’re improving SharePoint Online security.
MC693865 (Updated) SharePoint Add-In retirement in Microsoft 365
(Updated) SharePoint Add-In retirement in Microsoft 365 SharePoint Add-Ins will retire and stop working on April 2, 2026; migrate customizations to SharePoint Framework (SPFx) and notify users and developers. Updated October 3, 2025: This update serves as a... Since the release of SharePoint Add-Ins in 2013, Microsoft has evolved SharePoint.
MC1188595 App-only certificate-based authentication now available in SharePoint Online Management Shell
App-only certificate-based authentication now available in SharePoint Online Management Shell SharePoint Online Management Shell now supports App-Only Certificate-Based Authentication, enabling secure, unattended automation even with MFA enforced. [Introduction] We are pleased to announce that SharePoint Online Management Shell now supports .
MC693863 (Updated) Azure ACS retirement in Microsoft 365
(Updated) Azure ACS retirement in Microsoft 365 Azure ACS will retire for SharePoint Online on April 2, 2026; update custom apps and integrations to use Microsoft Entra ID to maintain access. Updated October 3, 2025: This update serves as a reminder that Azure ACS in Microsoft 365 will retire and stop working in 6 months from now (April 2, 2026)..
Details
Summary
Starting mid-January 2026, custom scripting will be disabled by default on the tenant-wide SharePoint App Catalog site to enhance security. App operations remain unaffected, but new custom script changes will be blocked. Admins can temporarily opt out using PowerShell commands and should inform site owners accordingly.
Body (from Message Center)
To strengthen security and reduce the risk of ungoverned scripting, Microsoft is expanding the custom scripting governance in the App Catalog site. This change helps ensure a more secure and manageable environment in SharePoint Online.
What will happen:
Custom scripting will be disabled (setting DenyAddAndCustomizePages to 1 or $true) for the tenant-wide App Catalog site using the APPCATALOG#0 template.
When this will happen: Default custom scripting governance on the App Catalog site will take effect starting in mid-January 2026.
Who is affected: Admins managing the SharePoint tenant-wide App Catalog site and content inside.
How this affects your organization:
- App operations remain unaffected: Uploading, updating, and deploying SharePoint and Office apps will continue to work.
- Custom script-based changes will be blocked: New changes related to custom scripting in the App Catalog Site will be disabled by default; existing custom scripting related customizations will remain unaffected.
What you can do to prepare:
- Inform App Catalog site owners and helpdesk staff in your organization of this upcoming change to reduce confusion and support calls.
- To temporarily opt out of custom scripting governance for a specific site (effective for 24 hours with tenant admin approval), use the following PowerShell command:
Set-SPOSite <SiteURL> -DenyAddAndCustomizePages $false
- To update the site property bag (by default disallowed when custom script governance is enabled), use the following PowerShell commands to enable it at tenant or site level:
Set-SPOTenant -AllowWebPropertyBagUpdateWhenDenyAddAndCustomizePagesIsEnabled $trueSet-SPOSite <SiteURL> -AllowWebPropertyBagUpdateWhenDenyAddAndCustomizePagesIsEnabled $true
Learn more:
- Security considerations of allowing custom script | SharePoint in Microsoft 365 | SharePoint | Microsoft Learn
- Allow or prevent custom script | SharePoint in Microsoft 365 | SharePoint | Microsoft Learn
- Overview of the SharePoint Framework | SharePoint | Microsoft Learn
Compliance considerations:
No compliance considerations identified, review as appropriate for your organization.
Raw JSON (for debugging)
Expand/collapse the full payload below.
Show/hide raw
{
"snapshot_item": {
"action_required_by": "2026-01-13T08:00:00Z",
"ai_action_required_by": null,
"ai_actions": [
"Inform App Catalog site owners and helpdesk staff",
"Review PowerShell options for temporary opt-out or property bag updates"
],
"ai_master_tags": [
"Security"
],
"ai_model": "gpt-4.1",
"ai_summary": "Custom scripting will be disabled by default on SharePoint Online App Catalog sites starting mid-January 2026 to enhance security; app operations remain unaffected.",
"ai_topics": [
"SharePoint"
],
"category": "planForChange",
"details_map": {
"Summary": "Starting mid-January 2026, custom scripting will be disabled by default on the tenant-wide SharePoint App Catalog site to enhance security. App operations remain unaffected, but new custom script changes will be blocked. Admins can temporarily opt out using PowerShell commands and should inform site owners accordingly."
},
"id": "MC1186368",
"importance": 5,
"is_major_change": true,
"last_modified": "2025-11-15T00:00:07Z",
"ms_products": [
"SharePoint"
],
"platforms": null,
"roadmap_ids": [],
"services": [
"SharePoint Online"
],
"severity": "normal",
"tags": [
"Feature update",
"User impact",
"Admin impact"
],
"title": "Microsoft SharePoint: Update to custom scripting governance in App Catalog site"
}
}