Introduction
This document completely describes making O365 sites as read-only through publishing content type and CSOM. In SharePoint on-premise, this was primarily done via central administration or using PowerShell but these techniques do not apply to SharePoint Online.
The only two available options for O365 LockState are NoAccess or Unlock. If LockState-NoAccess is at the Site Collection level, it will automatically redirect to NoAccessRedirectUrl which was unique for tenant level, and the existing content will not be readable for users.
Problem Statement
Below are some of the business scenarios where we require the O365 site to be read-only to prevent any further addition/modification of content but simultaneously, to make the existing content available to the users.
- Before making O365 sites to live, from the migration of any of the platform to O365 sites.
- When the site reaching Site Quota specified by admin.
Logical Architecture
Supported features & artifacts
The solution supports automating read-only of O365 site collections using CSOM.
Approach
In order to make an SPO site collection read-only, you can leverage Site Policy. I have listed the detailed steps in this article ahead.
Creating a site policy by code does not seem to be possible in SharePoint Online. But on the other hand, applying a site policy to a site could be done with classes and methods from the client object model.
Follow the below steps for creating Site policy,
- Go to Content Type Hub site collection under your SPO tenant via https://[tenant].sharepoint.com/sites/contentTypeHub. This site collection is hidden from SPO central admin and can be accessed by URL only.
- Go to Site Setting page and click Site Collection Administration -> Site Policies.
- Follow the above steps to create a policy.
- Once you create a site policy, you will see there is an extra column called “Publish Policy” under “Site Policies” page. Since we are at Content Hub Site collection, this column shows a link to allow us to publish a site policy to tenant scope. You can click “Manage Publishing for this policy” link to go “Content Type Publishing” page:
- On the “Content Type Publishing” page, check “Publish” radio and publish content type.
- You can republish it if you make something changes later.
- Once you publish it, it won’t be shown at site collection immediately. For an on-premises version, usually, there is a timer job to publish Content Type and Site Policy from Content Hub site collection to all site collections at tenant scope. Since we have no way to access timer job from SPO, we have to wait a little bit. For my case, I found out the site policy is going to available no later than 24 hours. Maybe people from SharePoint Online Product team can tell us how the publishing mechanism works behind the scene.
Activating site policy feature on each required site collection.
- By default Site Policy feature is not active at the site collection level, based on MSDN article site policy feature GUID “ 2fcd5f8a-26b7-4a6a-9755-918566dba90a” and it should be added to Site feature from C#.
- After activating the feature navigate site setting and click on Site policies, here newly created policy will be available.
To apply site policy from C#, by default Web object had a method called ApplySitePolicy and it requires policy name as a method parameter.
Implementation & Solution
The solution is developed using CSOM.
Prerequisites
- Applies for SharePoint Online
- Windows application can run using directly from .exe file with any .NET framework supported system
- The person executing the steps should be having full control of all site collections. For site collection level settings, the user should be site collection administrators and it should be a .onmicrosoft account.
Solution Structure
Below is the solution structure. All the assemblies are referenced from the file system and are part of the solution.
Folder Structure Definition
| Folder |
Definition |
| References |
Reference of CSOM libraries |
| SiteUrls.json |
Input list of Site collections |
| ReadOnlyOrOpenSites.cs |
Winform for applying site policy or removing site policy |
| App.Config |
Basic Configuration details like user name and password |
Net Code and Configurations
- Script location
Attached to the current blog
- Configuration Settings
| Element |
Type |
Description |
| SPOUserName |
String |
Onmicrosoft account |
| SPOPassword |
String |
Password of SPOUserName |
| SitePolicyName |
String |
Created Site Policy |
How to use?
Execution Steps
From the folder structure, open from bin open .exe file. It will show the below; follow the step by step as motioned below.
- To read all list of site collections click on Copy Site URLs
- To apply the site policy feature on each site collection click on apply site policy feature.
- To make the site as read-only, click on make site read-only
- To remove read-only site policy, click on Remove Site read-only.
Conclusion
This solution will apply automatically all input site collection as read-only with minimum manual work.
Benefits
- Minimal to no manual work
- Effort-saving in diagnosing deployment issue and manual effort
- No dependency on individuals components as all dependent assemblies are included in the package itself.
References
- https://docs.microsoft.com/en-us/powershell/module/sharepoint-server/Set-SPSite?view=sharepoint-ps
- https://medium.com/front-end-hacking/make-a-spo-site-collection-read-only-programmatically-1660ef41ae28