![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(160, 47%, 25%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESS%3C/text%3E%3C/svg%3E)
Microsoft 365 and Office | SharePoint | Development
The process of building custom applications and tools that interact with Microsoft SharePoint, including SharePoint Online in Microsoft 365.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(32, 54%, 13%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESN%3C/text%3E%3C/svg%3E)
Hi Schenck Shay
Based on my research, SharePoint Online does not support full-trust farm solutions (.wsp) because they deploy server-side code that runs with farm-level permissions. In a cloud-based, multi-tenant service like SharePoint Online, allowing customer-deployed full-trust code to execute on Microsoft-managed servers would pose security, stability, and isolation risks across tenants. As a result, this deployment model is supported only in SharePoint Server (on-premises) and has never been supported in SharePoint Online.
Given this situation, you can try to redesign the functionality using supported cloud approaches. Any server-side logic should be moved outside of SharePoint Online and run in an external service, such as Azure Functions or Azure App Services. These services can then connect to SharePoint Online using supported APIs like REST, CSOM, or Microsoft Graph.
For user interface customizations that were previously deployed through farm solutions, the recommended approach is to rebuild them using the SharePoint Framework (SPFx). Background processes such as timer jobs, event receivers, or provisioning logic should be replaced with remote processes that run independently and interact with SharePoint using app-based permissions.
Alternatively, you can try the SharePoint Cloud Add-in Model
- Use SharePoint Add-ins with CSOM/REST to implement custom logic instead of server-side object model code.
- Elevation of privileges is handled via AllowAppOnlyPolicy or a service account, not
RunWithElevatedPrivileges. - Replace common full-trust patterns as follows:
- Timer jobs → Implement as remote timer jobs (for example, Azure WebJobs, Windows services, or schedulers) that call SharePoint via CSOM/REST.
- Event receivers / feature receivers → Use remote event receivers and remote provisioning patterns.
- Branding and site provisioning → Use remote provisioning from an add-in or external service rather than farm features, site definitions, or full-trust provisioning code.
Hope my answer will help you.
If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.