diff --git a/.changeset/bright-bats-fail.md b/.changeset/bright-bats-fail.md
new file mode 100644
index 0000000..410661c
--- /dev/null
+++ b/.changeset/bright-bats-fail.md
@@ -0,0 +1,5 @@
+---
+'@pagerduty/backstage-plugin-backend': minor
+---
+
+Disables unauthenticated access to plugin routes by default
diff --git a/plugins/backstage-plugin-backend/src/plugin.ts b/plugins/backstage-plugin-backend/src/plugin.ts
index 6f5b3a9..80ade8e 100644
--- a/plugins/backstage-plugin-backend/src/plugin.ts
+++ b/plugins/backstage-plugin-backend/src/plugin.ts
@@ -12,7 +12,7 @@ class CatalogFetchApi {
   constructor(
     private readonly logger: LoggerService,
     private readonly auth: AuthService,
-  ) {}
+  ) { }
 
   async fetch(
     input: unknown,
@@ -62,10 +62,16 @@ export const pagerDutyPlugin = createBackendPlugin({
             }),
           }),
         );
-        httpRouter.addAuthPolicy({
-          path: '/',
-          allow: 'unauthenticated',
-        });
+        // The default Backstage behaviour is to require authentication on routes.
+        // https://backstage.io/docs/backend-system/core-services/http-router/#using-the-service
+        // Setting enableUnauthenticatedAccess to true will allow unauthenticated access to the PagerDuty plugin routes.
+        const enableUnauthenticatedAccess: boolean = config.getOptionalBoolean('pagerDuty.enableUnauthenticatedAccess') ?? false;
+        if (enableUnauthenticatedAccess === true) {
+          httpRouter.addAuthPolicy({
+            path: '/',
+            allow: 'unauthenticated',
+          });
+        }
       },
     });
   },
diff --git a/plugins/backstage-plugin/CHANGELOG.md b/plugins/backstage-plugin/CHANGELOG.md
index 4557cc4..8d17787 100644
--- a/plugins/backstage-plugin/CHANGELOG.md
+++ b/plugins/backstage-plugin/CHANGELOG.md
@@ -1,5 +1,11 @@
 # @backstage/plugin-pagerduty
 
+## 0.16.2
+
+### Patch Changes
+
+- 5d9c0e7: Remove Backstage UI CSS imports from frontend plugin
+
 ## 0.16.1
 
 ### Patch Changes
diff --git a/plugins/backstage-plugin/package.json b/plugins/backstage-plugin/package.json
index 8413911..27c658c 100644
--- a/plugins/backstage-plugin/package.json
+++ b/plugins/backstage-plugin/package.json
@@ -1,7 +1,7 @@
 {
   "name": "@pagerduty/backstage-plugin",
   "description": "A Backstage plugin that integrates towards PagerDuty",
-  "version": "0.16.1",
+  "version": "0.16.2",
   "main": "dist/index.esm.js",
   "types": "dist/index.d.ts",
   "license": "Apache-2.0",