SharePoint & OneDrive · Tenant Administration
SharePoint Administrator
Full access to the SharePoint admin center. Can create and manage sites, designate site admins, manage sharing settings, and manage Microsoft 365 groups.
Scope: Organization-wide SharePoint and OneDrive administration
Permissions
- SharePoint admin center - Full access to all settings and features
- Sites - Create, delete, and manage all SharePoint sites
- Site admins - Add and remove site collection administrators
- Sharing settings - Configure organization-wide sharing policies
- Microsoft 365 groups - Create, delete, restore, and change owners
- Storage - Manage site storage limits and quotas
- Access control - Configure unmanaged device and network policies
- Self-access - Can grant themselves access to any site or OneDrive
Common use cases
- Managing SharePoint tenant settings
- Creating and configuring team sites
- Setting up external sharing policies
- Managing storage quotas and limits
Best practices
- Use for dedicated SharePoint administration only
- Combine with Conditional Access for secure access
- Document site creation and deletion activities
- Regularly review sharing settings
Security considerations
- Can access any site or OneDrive by granting self-access
- Changes to sharing affect entire organization
- Consider using PIM for just-in-time access