Content Security Policy for OWA/ECP with DUO for OWA installed?

Hey all…
Anyone deploying Content Security Policies for OWA and ECP, while also using DUO?

Any pointers? I tried adding “frame-src ■■■■■■■■■■■■■■■■■■■■■■■■■” and that broke things… I suspect that there’s a bunch of other framing going on in OWA/ECP that I’m missing.


ECP has errors, Exchange ActiveSync won’t allow new devices.

Something like those kind of errors?

I know ECP had issues, things not filling in completely on the screen.
We pulled it pretty quickly so as to get our admin back up and working.