Hi,

In order to improve the security of Workspace 365, we will change the way Content Security Policy (CSP) headers are applied. This may require action on your end.

With CSP, Workspace can be embedded in other applications, such as Teams. In order for this to function, the domain on which you want to embed Workspace 365 has to be known. Previously, this was set on instance level, this will be moved to environment level. This means that domains where you want to embed a specific environment will have to be whitelisted for that environment. We will whitelist teams.microsoft.com by default.

With the release of v3.68, which will be rolled out on our hosted platform on the evening of October 19th, a new option will be added to the Workspace settings where domains can be whitelisted for that environment. You will be able to add a maximum of 10 domains there.

To ensure a smooth transition, we will offer a grace period. Between September 28th and October 18th, you can submit domains you want whitelisted for a specific environment via a support ticket, and we will ensure the domain is whitelisted for that environment. Beyond October 19th, you are responsible for whitelisting domains via the Workspace settings. A support article explaining how to do this will be published in the Access & Security section beforehand.