SOLVED

Administrative Access to Employee OneDrive Files

Occasional Visitor

We have a few junior admins that we have added to the SharePoint Administrator role, but this appears to have given them the ability to access all user's OneDrive files via the Microsoft 365 Admin Center > Users > <user> > OneDrive > Create link to files. We would like to prevent this type of access either entirely or for executives. That being the case, I have a few questions that hopefully someone can answer or can point me in the direction of documentation to find the answer:

 

  1. Is it correct that the SharePoint Administrator role gives this "Create link to files" ability?
  2. If yes to #1, can a user still be SharePoint Administrator but have this capability to access files removed? Or, is it possible to create a custom role that is similar to SharePoint Administrator but lacks this ability?
  3. Can "Create link to files" be scoped to only a subset of users, meaning that the admins can only do this for some users, but not all?
  4. If no to #2, is there some way to block an admin's ability to use "Create link to files" for executive users?

 

Any help/insight is appreciated. 

1 Reply
best response confirmed by Juan Carlos González Martín (MVP)
Solution
If you want limited access, don't use the SharePoint admin role. Add them as secondary site collection admin to the specific site(s) you need them to manage instead.