Microsoft Entra ID · M365 Workloads & Services

SharePoint Administrator

Can manage all aspects of SharePoint Online including site collections, sharing policies, term store, and OneDrive for Business settings.

Scope: Full SharePoint Online and OneDrive for Business administration

Permissions

  • Manage Azure service health
  • Create and manage support tickets
  • Create Microsoft 365 groups
  • Delete Microsoft 365 groups
  • Update M365 group members
  • Update M365 group owners
  • Restore deleted M365 groups
  • Update M365 group properties
  • Read hidden group members
  • Read network performance
  • Manage service health
  • Full SharePoint management
  • Create support tickets
  • Read usage reports
  • Read admin center properties
  • Manage site collections, hub sites, and site templates
  • Configure sharing and access policies
  • Manage OneDrive for Business settings
  • Configure term store and content types
  • Manage app catalog and SharePoint add-ins

Common use cases

  • SharePoint Online deployment and migration
  • Site collection creation and management
  • External sharing policy configuration
  • Storage quota management
  • Hub site configuration and navigation
  • OneDrive for Business administration
  • Term store and managed metadata
  • Content type hub management
  • SharePoint app catalog administration
  • Site design and site script management
  • Information architecture planning
  • SharePoint search configuration

Best practices

  • Use site collection administrators for delegation
  • Configure sharing policies at the organization level
  • Monitor external sharing activity regularly
  • Use sensitivity labels for site classification
  • Document site provisioning standards
  • Configure default sharing link types
  • Use hub sites for navigation and branding
  • Implement information architecture standards
  • Review site ownership regularly
  • Configure audit logging for compliance
  • Test changes in isolated environments first
  • Coordinate with Teams Admin for Teams-connected sites
  • Use PIM for elevated access
  • Set appropriate storage quotas per site

Security considerations

  • Can configure external sharing affecting data exposure
  • Can access all SharePoint content when necessary
  • Can modify access policies for all sites
  • Can configure OneDrive sharing and sync settings
  • Can manage site collection administrators
  • Microsoft 365 group management affects Teams access
  • Monitor external sharing permissions regularly
  • Alert on sharing policy changes
  • Review anonymous link creation settings
  • Consider separation from compliance roles

Official Microsoft Learn documentation →

Open the interactive RBACMap →