How to remove global admin’s access to OneDrive for Business sites.

Problem

When you configure backups for OneDrive for Business sites using RecoveryManager Plus, the global admin is provided access to all OneDrive for Business sites by the product. If you decide not to back up a particular or all OneDrive for Business sites, you’ll have to manually revoke OneDrive for Business access from the global admin.

This document will show you how you can manually revoke a global admin’s access to OneDrive for Business sites.

Solution

Download SharePoint Online Management Shell and install it.
Once the installation is complete, open it and execute the following commands.

$Username="account@company.onmicrosoft.com"

Here, account@company.onmicrosoft.com is the e-mail address of the global admin.

Note: The e-mail address of the global admin should be enclosed in double quotes (").

$userCredentials = Get-Credential -Credential $Username

Provide the credentials of the global admin in the pop-up that appears.

Import-Module Microsoft.Online.SharePoint.PowerShell

Connect-SPOService -Url https://<tenant>-admin.sharepoint.com -Credential $userCredentials

Here, <tenant> is the name of your Office 365 tenant.

Removing global admin access to particular OneDrive for Business sites.

To remove the global admin’s access from particular OneDrive for Business sites, you’ll need the URL of those OneDrive for Business sites. To get the URL,

Log in to RecoveryManager Plus as an administrator.
Navigate to SharePoint & OneDrive tab > Configuration.
Identify the tenant that contains the OneDrive for Business site URL you wish to find, and then click on the number next to the OneDrive icon under the Sites column.

In the pop-up that appears, copy the URL of the OneDrive for Business site. If there are multiple OneDrive for Business sites in the selected schedule, make use of the icon to simplify your search.

Once you have the URL of the sites, switch to SharePoint Online Management Shell and enter the following command.

$OneDriveURL = "CopiedURL"

Replace CopiedURL with the URL of the OneDrive for Business site.

Note: The URL of the OneDrive for Business site should be enclosed in double quotes (").

{Set-SPOUser -Site $OneDriveURL -LoginName $Username -IsSiteCollectionAdmin $false -ErrorAction SilentlyContinue

Repeat the above step for each OneDrive for Business site.

Removing global admin access to all OneDrive for Business sites.

To remove the global admin’s access to all sites, enter the following command.

$OneDriveURLs = Get-SPOSite -IncludePersonalSite $true -Limit All -Filter "Url -like '-my.sharepoint.com/personal/'" foreach($OneDriveURL in $OneDriveURLs) { Set-SPOUser -Site $OneDriveURL.URL -LoginName $Username -IsSiteCollectionAdmin $false -ErrorAction SilentlyContinue }

The global admin’s access to all OneDrive for Business sites will be revoked once the process is complete.