Role for PowerShell to SharePoint Online Management Shell and OneDrive Admin Center

%3CLINGO-SUB%20id%3D%22lingo-sub-1476662%22%20slang%3D%22en-US%22%3ERole%20for%20PowerShell%20to%20SharePoint%20Online%20Management%20Shell%20and%20OneDrive%20Admin%20Center%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1476662%22%20slang%3D%22en-US%22%3E%3CP%3EHello%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI'm%20%22global%20reader%22%20on%20my%20tenant%2C%20but%20I%20can't%20access%20%3CA%20href%3D%22https%3A%2F%2Fadmin.inedrive.com%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fadmin.onedrive.com%3C%2FA%3E%20(it%20says%20%22access%20refused%22).%20On%20another%20tenant%2C%20I'm%20%22Global%20admin%22%20and%20I%20have%20access%20to%20this%20screen.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAnd%20it%20seems%20I%20can't%20connect%20with%20PowerShell%20to%20Sharepoint%20Online%20Management%20Shell%20either%20%3A%20first%20I%20have%20a%20message%20about%20%22non-approved%20verbs%22%20while%20importing%20the%20module%2C%20and%20second%20when%20I%20try%20a%20connection%2C%20I%20have%20a%20message%20%22Connect-SPOService%20%3A%20Current%20user%20is%20not%20a%20tenant%20administrator.%22%20On%20the%20other%20tenant%20where%20I'm%20%22global%20admin%22%2C%20I%20can%20access%20the%20PS%20admin.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ECan%20you%20help%20me%20please%20%3F%20%22Global%20reader%22%20isn't%20supposed%20to%20be%20%22read-only%20Global%20admin%22%20%3F%20Do%20I%20also%20need%20%22Sharepoint%20admin%22%20(though%20it%20is%20included%20in%20%22global%20reader%22%20as%20far%20as%20I%20know...)%20role%20to%20use%20PowerShell%20%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThanks%20!%3C%2FP%3E%3CP%3E%3CBR%20%2F%3ERegards%2C%3C%2FP%3E%3CP%3EAdrien%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-1476662%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EOneDrive%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EPowerShell%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3ESharePoint%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1479061%22%20slang%3D%22en-US%22%3ERe%3A%20Role%20for%20PowerShell%20to%20SharePoint%20Online%20Management%20Shell%20and%20OneDrive%20Admin%20Center%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1479061%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F687383%22%20target%3D%22_blank%22%3E%40adrien_itr%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EThe%20fact%20that%20it's%20not%20working%20with%20the%20OneDrive%20Admin%20Center%20is%20mentioned%20in%20the%20official%20documentation%2C%20so%20I'd%20say%20this%20is%20normal%20you%20get%20an%20error%3A%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Fusers-groups-roles%2Fdirectory-assign-admin-roles%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3EAdministrator%20role%20permissions%20in%20Azure%20Active%20Directory%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-center%22%20image-alt%3D%22odfb.png%22%20style%3D%22width%3A%20999px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F199909iE2B6B4EE4B4C82E5%2Fimage-size%2Flarge%3Fv%3D1.0%26amp%3Bpx%3D999%22%20title%3D%22odfb.png%22%20alt%3D%22odfb.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EHowever%2C%20I've%20%3CA%20href%3D%22https%3A%2F%2Fgithub.com%2FMicrosoftDocs%2Fazure-docs%2Fissues%2F57508%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Eopened%20an%20issue%3C%2FA%3E%20on%20the%20docs%20because%20after%20testing%20on%20my%20side%2C%20it%20wasn't%20working%20with%20SPO%20Admin%20Center%20either%20nor%20PowerShell.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EBest%20thing%20to%20do%20at%20this%20point%20is%20Global%20Reader%20%2B%20SPO%20Admin%20role%20%F0%9F%A4%B7%F0%9F%8F%BB%E2%80%8D%3Afemale_sign%3A%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1495566%22%20slang%3D%22en-US%22%3ERe%3A%20Role%20for%20PowerShell%20to%20SharePoint%20Online%20Management%20Shell%20and%20OneDrive%20Admin%20Center%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1495566%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F34858%22%20target%3D%22_blank%22%3E%40Veronique%20Lengelle%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EHello%20Veronique%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThanks%20for%20your%20answer.%3C%2FP%3E%3CP%3EIndeed%2C%20I%20missed%20that%20point%20about%20the%20Global%20Reader%20role.%20However%2C%20on%20the%20tests%20I%20did%20on%20a%20test%20tenant%2C%20even%20the%20SPO%20Admin%20role%20wans't%20enough%20to%20access%20the%20Onedrive%20Admin%20Center%20(but%20probably%2C%20I%20didn't%20wait%20enough%20for%20the%20role%20to%20fully%20dispatched%20on%20all%20Microsoft's%20datacenters...).%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThe%20fact%20that%20you%20encounter%20this%20issue%20with%20Powershell%20is%20indeed%20a%20problem%20I%20encountered%20as%20well.%20I%20hope%20this%20will%20be%20fixed%20ASAP.%20Thanks%20for%20the%20link%20you%20provided%20%3B%20I%20will%20follow%20this%20issue.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThanks%20!%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ERegards%2C%3C%2FP%3E%3CP%3EAdrien%3C%2FP%3E%3C%2FLINGO-BODY%3E
Highlighted
New Contributor

Hello,

 

I'm "global reader" on my tenant, but I can't access https://admin.onedrive.com (it says "access refused"). On another tenant, I'm "Global admin" and I have access to this screen.

 

And it seems I can't connect with PowerShell to Sharepoint Online Management Shell either : first I have a message about "non-approved verbs" while importing the module, and second when I try a connection, I have a message "Connect-SPOService : Current user is not a tenant administrator." On the other tenant where I'm "global admin", I can access the PS admin.

 

Can you help me please ? "Global reader" isn't supposed to be "read-only Global admin" ? Do I also need "Sharepoint admin" (though it is included in "global reader" as far as I know...) role to use PowerShell ?

 

Thanks !


Regards,

Adrien

2 Replies
Highlighted

@adrien_itr 

 

The fact that it's not working with the OneDrive Admin Center is mentioned in the official documentation, so I'd say this is normal you get an error: Administrator role permissions in Azure Active Directory 

 

odfb.png

 

However, I've opened an issue on the docs because after testing on my side, it wasn't working with SPO Admin Center either nor PowerShell.

 

Best thing to do at this point is Global Reader + SPO Admin role 🤷🏻‍:female_sign:

Highlighted

@Veronique Lengelle 

 

Hello Veronique,

 

Thanks for your answer.

Indeed, I missed that point about the Global Reader role. However, on the tests I did on a test tenant, even the SPO Admin role wans't enough to access the Onedrive Admin Center (but probably, I didn't wait enough for the role to fully dispatched on all Microsoft's datacenters...).

 

The fact that you encounter this issue with Powershell is indeed a problem I encountered as well. I hope this will be fixed ASAP. Thanks for the link you provided ; I will follow this issue.

 

Thanks !

 

Regards,

Adrien