Upcoming Webinar
Cayosoft Shows How Forest Recovery Tech Addresses Survey Issues
Join this webinar and not only learn about what your peers are doing, but also learn about a new patent-pending modern approach to AD forest recovery from Cayosoft.
New episode!
The Scoop on Loop: The Latest Innovations Directly From Microsoft!
Darrell Webster speaks to Rebecca Keys, a Program Manager from the Microsoft Loop team.
Turn Data Protection into an MRR Growth Engine
Security for your customers, revenue for your MSP practice. Access key insights on how to scale your practice with SkyKick’s new eGuide.
MSP eGuide to Package, Sell and Deliver M365 Security Services
Based on input from our top-performing MSPs, SkyKick prepared the MSP Guide to help you navigate the security landscape.

M365 Changelog: Office add-in dialog API hardening update

MC283865 – Microsoft recently made some changes to harden the security of the Office Add-in dialog API, which impacts cross-domain communication. Normally they do not do Message center communications on these monthly changes, but in the case Microsoft want to make sure the potential for impact is understood.

Note: If your organization is not using Office Add-ins you can safely disregard this message.

This change only impacts Office Add-ins and does not affect COM/VSTO add-ins.

When will this happen:

These changes will take effect in the semi-annual channel on September 14th. Please ensure your add-in is updated before this date.

How does this affect your organization:

If your organization is deploying an office add-in, your add-in functionality may be impacted. Please confirm with your add-in provider whether your add-in is using either the Office.ui.messageParent or Office.dialog.messageChild methods to communicate between the dialog and the parent page (typically a task pane) on different domains. If so, your add-in will need to be updated to pass a new parameter to enable cross-domain communication.

The changes are rolling out with the following builds:

Office on the web: Live from 7/19/2021
Microsoft 365 on Windows subscription: 16.0.14310.10000
Office on Mac: 16.52.21080801
Office on iOS: 2.52.21080801
Semi-annual channel: The September Patch Tuesday (9/14/2021) will include the update.

What can you do to prepare:

For more information, see Action required: Update your Office add-in dialog for cross-domain communication

On Windows, you can set a registry key to bypass the target origin validation if needed. (For instructions, see the Tip in Cross-domain messaging to the host runtime.) Doing so allows add-ins making cross-domain communication to continue running even if they haven’t been updated to use the new parameter. Do this only as a temporary expediency until the add-in is updated.