Setting up Content Security Policy (CSP)

Warwick Eade Updated by Warwick Eade

Content Security Policy for Teams App

As in Microsoft Teams, tab applications are hosted within iframe elements in Microsoft 365 app and Outlook web clients.

DeskDirector makes use of Content Security Policy (CSP) headers as a security measure that helps prevent attacks. It's necessary to configure the frame-ancestors settings in the your DeskDirector Admin Portal. This should include the Authentication Portal, Client Portal, and Tech Portal.

Setup method 1

To setup the required configuration automatically, you can go to your admin portal -> Integrations -> Teams.

In the Embedding Configuration section, open the drop-down menu and click on the "Enable Client Portal" and "Enable TECH Portal" options.

This is will automatically add an allow-list to your CSP configuration (the full list of the domains is at the end of this article).

Setup method 2

Here's an instructional video on how to set this up manually:

Here is a step through:


1. The first step is to open DeskDirector Admin Portal

Step 1 image

2. Scroll and click System

Step 2 image

3. Click Security

Step 3 image

4. Click TECH Portal

Step 4 image

5. Open support.deskdirector and click highlight

Step 5 image

6. Open demomsp29.deskdirector and click frame-ancestor-domain

Step 6 image

7. Click Allow Embed

Step 7 image

8. Open support.deskdirector and click

Step 8 image

9. With your mouse, select text in

Step 9 image

10. Open demomsp29.deskdirector and click frame-ancestor-domain

Step 10 image

11. Click Allow Embed

Step 11 image

12. Click Save

Step 12 image

13. That's it. You're done.

Step 13 image

** Best experienced in Full Screen (click the icon in the top right corner before you begin) **

Here is all the required settings.


frame-ancestor permission

DeskDirector app

Microsoft Teams



Microsoft 365 app



Microsoft Outlook

How did we do?

Introducing the DeskDirector for Microsoft Team App

Installing the Microsoft Teams App (Tech)