Making O365 Sites Read Only


This document completely describes making O365 sites as read-only through publishing content type and CSOM. In SharePoint on-premise, this was primarily done via central administration or using PowerShell but these techniques do not apply to SharePoint Online.
The only two available options for O365 LockState are NoAccess or Unlock. If LockState-NoAccess is at the Site Collection level, it will automatically redirect to NoAccessRedirectUrl which was unique for tenant level, and the existing content will not be readable for users.

Problem Statement

Below are some of the business scenarios where we require the O365 site to be read-only to prevent any further addition/modification of content but simultaneously, to make the existing content available to the users.
  • Before making O365 sites to live, from the migration of any of the platform to O365 sites.
  • When the site reaching Site Quota specified by admin.

Logical Architecture

Making O365 Sites Read Only

Supported features & artifacts

The solution supports automating read-only of O365 site collections using CSOM.


In order to make an SPO site collection read-only, you can leverage Site Policy. I have listed the detailed steps in this article ahead.
Creating a site policy by code does not seem to be possible in SharePoint Online. But on the other hand, applying a site policy to a site could be done with classes and methods from the client object model.
Follow the below steps for creating Site policy,
  • Go to Content Type Hub site collection under your SPO tenant via https://[tenant] This site collection is hidden from SPO central admin and can be accessed by URL only.
  • Go to Site Setting page and click Site Collection Administration -> Site Policies.
  • Follow the above steps to create a policy.
  • Once you create a site policy, you will see there is an extra column called “Publish Policy” under “Site Policies” page. Since we are at Content Hub Site collection, this column shows a link to allow us to publish a site policy to tenant scope. You can click “Manage Publishing for this policy” link to go “Content Type Publishing” page:
  • On the “Content Type Publishing” page, check “Publish” radio and publish content type.
  • You can republish it if you make something changes later.
  • Once you publish it, it won’t be shown at site collection immediately. For an on-premises version, usually, there is a timer job to publish Content Type and Site Policy from Content Hub site collection to all site collections at tenant scope. Since we have no way to access timer job from SPO, we have to wait a little bit. For my case, I found out the site policy is going to available no later than 24 hours. Maybe people from SharePoint Online Product team can tell us how the publishing mechanism works behind the scene.

    Activating site policy feature on each required site collection.

  • By default Site Policy feature is not active at the site collection level, based on MSDN article site policy feature GUID “ 2fcd5f8a-26b7-4a6a-9755-918566dba90a” and it should be added to Site feature from C#.
  • After activating the feature navigate site setting and click on Site policies, here newly created policy will be available.
To apply site policy from C#, by default Web object had a method called ApplySitePolicy and it requires policy name as a method parameter.

Implementation & Solution

The solution is developed using CSOM.
  • Applies for SharePoint Online
  • Windows application can run using directly from .exe file with any .NET framework supported system
  • The person executing the steps should be having full control of all site collections. For site collection level settings, the user should be site collection administrators and it should be a .onmicrosoft account.
Solution Structure
Below is the solution structure. All the assemblies are referenced from the file system and are part of the solution.
Making O365 Sites Read Only
Folder Structure Definition
 Folder  Definition
 References  Reference of CSOM libraries
 SiteUrls.json  Input list of Site collections
 ReadOnlyOrOpenSites.cs Winform for applying site policy or removing site policy
 App.Config  Basic Configuration details like user name and password
Net Code and Configurations
  • Script location
    Attached to the current blog

  • Configuration Settings
 Element  Type  Description
 SPOUserName  String  Onmicrosoft account
 SPOPassword  String  Password of SPOUserName
 SitePolicyName  String  Created Site Policy

How to use?

Execution Steps
From the folder structure, open from bin open .exe file. It will show the below; follow the step by step as motioned below.
Making O365 Sites Read Only
  • To read all list of site collections click on Copy Site URLs
  • To apply the site policy feature on each site collection click on apply site policy feature.
  • To make the site as read-only, click on make site read-only
  • To remove read-only site policy, click on Remove Site read-only.


This solution will apply automatically all input site collection as read-only with minimum manual work.
  • Minimal to no manual work
  • Effort-saving in diagnosing deployment issue and manual effort
  • No dependency on individuals components as all dependent assemblies are included in the package itself.