How to Assign a User to SharePoint Online Administrator Role in Office 365?
Requirement: Set SharePoint Online Administrator.
As the SharePoint Online administration is done by people other than Tenant Admin (or Global Administrator!) in most companies, You may need to delegate Office 365 roles so that users get administrative privileges to specific services like SharePoint without being full tenant admins. Global administrators in Office 365 have the right to assign users with SharePoint administrator roles to manage SharePoint Online.
Users with a SharePoint admin role can manage site collections such as creating sites, Deleting sites, designating site collection administrators, Managing site collection storage, managing service applications like user profiles, and more. In addition, SharePoint admins can manage Office 365 groups, including creating, deleting, and restoring groups. Let’s see how to give SharePoint Online admin access.
How to Assign the SharePoint Online Administrator Role?
How do I add a user to SharePoint Admin Center? Basically, You have to assign users with a SharePoint admin role through the Microsoft admin center. To add a user to a SharePoint Online Administrator, do the following:
- Login to Office 365 Admin Center: https://admin.microsoft.com
- Expand the “Users” node in the left navigation >> Click on Active Users
- Search and select the user you want to make SharePoint Online Administrator >> Click on “Manage Roles” from the toolbar.
- In the Manage role pane, select the “Admin Center Access” option and then tick the checkbox for “SharePoint Admin”.
- Click on the “Save Changes” button once done.
This assigns SharePoint Online administrator in Office 365. Alternatively, You can click on the “Roles” link from the left navigation of the Admin Center >> Click on “SharePoint Admin” and then “Add Users” to the SharePoint Online Administrator role.
This provides access to the SharePoint Admin Center. Alternatively, you can also add a SharePoint administrator to a Microsoft 365 tenant using PowerShell.
PowerShell to Add User to SharePoint Online Administrator Role from Azure AD
As an administrator of Microsoft 365, you may want to add a SharePoint Online administrator who can help manage your company’s SharePoint Online site. You’ll be able to add a SharePoint Online administrator with just a few lines of PowerShell script.
Here is the PowerShell to add a user to the SharePoint Admin role in Office 365:
#Connect to Azure AD
Connect-AzureAD
#Parameters
$UserAccount="mark@crescent.com"
$RoleName="SharePoint Service Administrator"
#Get the User
$User = Get-AzureADUser | Where {$_.UserPrincipalName -eq $UserAccount}
#Get the Role
$Role = Get-AzureADDirectoryRole | Where {$_.DisplayName -eq $RoleName}
#Add User to Role
Add-AzureADDirectoryRoleMember -ObjectId $Role.ObjectId -RefObjectId $User.ObjectID
This would prompt credentials. Enter your Global Administrator credentials to authenticate in Azure AD to add a user to SharePoint Admin Center.
Please note that SharePoint Site collection administrators could be different from SharePoint Online Administrators! Site collection Admins don’t need an admin role in Office 365 and cannot access the SharePoint admin center. Also, SharePoint administrator permissions only apply to the SharePoint service, not other services within the tenant.
You can use the same approach to add additional global admins as well. Here is how to set Global admin for SharePoint Online using PowerShell:
#Connect to Azure AD
Connect-AzureAD
#Parameters
$UserAccount="Steve@crescent.com"
$RoleName="Company Administrator"
#Get the User
$User = Get-AzureADUser | Where {$_.UserPrincipalName -eq $UserAccount}
#Get the Role
$Role = Get-AzureADDirectoryRole | Where {$_.DisplayName -eq $RoleName}
#Add User to Role
Add-AzureADDirectoryRoleMember -ObjectId $Role.ObjectId -RefObjectId $User.ObjectID
How to Set Global Admin for SharePoint Online using PowerShell?
Please note that granting “SharePoint Admin” or “Global Admin” doesn’t gain you access to the site automatically! You must add the user as a Site Collection Administrator to the sites to gain full control! Here is how: How to Add Site Collection Administrator in SharePoint Online using PowerShell?
Conclusion
In conclusion, adding a SharePoint administrator to a Microsoft 365 tenant allows you to grant users the necessary permissions to manage the SharePoint service. By using the Azure Active Directory PowerShell module and the Add-AzureADDirectoryRoleMember cmdlet, you can easily add a user as a SharePoint administrator. Additionally, you can also use the Microsoft 365 admin center to add a SharePoint administrator to a Microsoft 365 tenant. It’s important to note that SharePoint administrator permissions are different from global administrator permissions and only apply to the SharePoint service.