Microsoft is tightening security around its Entra ID sign-in process by blocking external script injection, a move that could force some orgs to rethink their browser extension strategies.