Microsoft SharePoint: Update to custom scripting governance in App Catalog site

Created

14

.

11

.

2025

Last updated

.

.

Reading time

3 minutes

Die Inhalte auf dieser Seite wurden maschinell übersetzt.

< Back to Message Center Archive
Starting mid-January 2026, custom scripting will be disabled by default on the tenant-wide SharePoint App Catalog site to enhance security. App operations remain unaffected, but new custom script changes will be blocked. Admins can temporarily opt out using PowerShell commands and should inform site owners accordingly.

To strengthen security and reduce the risk of ungoverned scripting, Microsoft is expanding the custom scripting governance in the App Catalog site. This change helps ensure a more secure and manageable environment in SharePoint Online.

What will happen:

Custom scripting will be disabled (setting DenyAddAndCustomizePages to 1 or $true) for the tenant-wide App Catalog site using the APPCATALOG#0 template.

When this will happen: Default custom scripting governance on the App Catalog site will take effect starting in mid-January 2026.

Who is affected: Admins managing the SharePoint tenant-wide App Catalog site and content inside.

How this affects your organization:

  • App operations remain unaffected: Uploading, updating, and deploying SharePoint and Office apps will continue to work.
  • Custom script-based changes will be blocked: New changes related to custom scripting in the App Catalog Site will be disabled by default; existing custom scripting related customizations will remain unaffected.

What you can do to prepare:

  • Inform App Catalog site owners and helpdesk staff in your organization of this upcoming change to reduce confusion and support calls.
  • To temporarily opt out of custom scripting governance for a specific site (effective for 24 hours with tenant admin approval), use the following PowerShell command:

Set-SPOSite <SiteURL> -DenyAddAndCustomizePages $false

  • To update the site property bag (by default disallowed when custom script governance is enabled), use the following PowerShell commands to enable it at tenant or site level:

Set-SPOTenant -AllowWebPropertyBagUpdateWhenDenyAddAndCustomizePagesIsEnabled $true
Set-SPOSite <SiteURL> -AllowWebPropertyBagUpdateWhenDenyAddAndCustomizePagesIsEnabled $true

Learn more: 

Compliance considerations:

No compliance considerations identified, review as appropriate for your organization.

We are here for you!

Do you have any questions or need assistance? We’re happy to help.

Contact us!

Original Message Center post >

© itelio GmbH