SharePoint & OneDrive · Tenant Administration
SharePoint Administrator
Full access to the SharePoint admin center. Can create and manage sites, designate site admins, manage sharing settings, and manage Microsoft 365 groups.
Scope: Organization-wide SharePoint and OneDrive administration
Permissions
- SharePoint admin center - Full access to all settings and features
- Sites - Create, delete, and manage all SharePoint sites
- Site admins - Add and remove site collection administrators
- Sharing settings - Configure organization-wide sharing policies
- Microsoft 365 groups - Create, delete, restore, and change owners
- Storage - Manage site storage limits and quotas
- Access control - Configure unmanaged device and network policies
- Self-access - Can grant themselves access to any site or OneDrive
Common use cases
- Managing SharePoint tenant settings
- Creating and configuring team sites
- Setting up external sharing policies
- Managing storage quotas and limits
Best practices
- Use for dedicated SharePoint administration only
- Combine with Conditional Access for secure access
- Document site creation and deletion activities
- Regularly review sharing settings
Security considerations
- Can access any site or OneDrive by granting self-access
- Changes to sharing affect entire organization
- Consider using PIM for just-in-time access
Common questions
When should I assign the SharePoint Administrator role?
Assign SharePoint Administrator when you need to: Managing SharePoint tenant settings; Creating and configuring team sites; Setting up external sharing policies; and Managing storage quotas and limits. It is part of SharePoint & OneDrive and should be granted as a least-privilege alternative to broader roles like Global Administrator.
What can someone with the SharePoint Administrator role do?
The SharePoint Administrator role grants permissions including: SharePoint admin center - Full access to all settings and features; Sites - Create, delete, and manage all SharePoint sites; Site admins - Add and remove site collection administrators; Sharing settings - Configure organization-wide sharing policies; Microsoft 365 groups - Create, delete, restore, and change owners; and Storage - Manage site storage limits and quotas. See the Permissions section above for the full list.
What are the security risks of the SharePoint Administrator role?
Key considerations when assigning SharePoint Administrator: Can access any site or OneDrive by granting self-access; Changes to sharing affect entire organization; and Consider using PIM for just-in-time access. Review the Security considerations section before assignment, and pair with Privileged Identity Management (PIM) for just-in-time access where possible.