SharePoint sites can be locked or put in read-only mode.
In this post PowerShell is used to lock a site. Another option is to use the Site Policies settings of the site.
The PowerShell commands are quite straightforward.
First connect to a site:
Lock the site by using:
Set-PnPSite -LockState NoAccess
When the site is accessed once locked a 403 forbidden response is displayed in the browser as shown in the following figure.
You can make it more fancy to redirect the visitor of the site to another url by setting this tenant-wide using the command:
Set-PnPTenant -NoAccessRedirectUrl "<your url>"
Now the visitor doesn’t see the 403 response, but another webpage as configured.
At a certain point in time once mind has changed and the has to be unlocked.
Well, the command again is straightforward after reconnecting to the site:
Set-PnPSite -LockState Unlock
But the response is:
Set-PnPSite : The remote server returned an error: (403) Forbidden. At line:1 char:1 + Set-PnPSite -LockState Unlock -Connection $siteConnection + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : WriteError: (:) [Set-PnPSite], WebException + FullyQualifiedErrorId : EXCEPTION,SharePointPnP.PowerShell.Commands.Site.SetSite
Which actually makes sense, but…
In PowerShell the connection is made with the account which has assigned the Global admininistrator role.
In the SharePoint admin center, logged in with that same account, the locked site is listed and marked as locked in the properties panel as shown below.
These actions were performed on a Teamsite with a group, a Teamsite without a group and a Communication site, all with the same result: they are all inaccessible in any way now.