How to remove admin’s access to SharePoint Online and OneDrive for Business sites?

How to remove admin’s access to SharePoint Online and OneDrive for Business sites?

Problem   

When you configure backups for SharePoint Online and OneDrive for Business sites using RecoveryManager Plus, the admin whose account is used to configure the product is provided access to all SharePoint Online and OneDrive for Business sites by the product. If you decide not to back up a particular or all SharePoint Online and OneDrive for Business sites, you’ll have to revoke access from the admin manually.

This document will show you how you can manually revoke an admin’s access to sites.

Solution   
  • Once the installation is complete, open it and execute the following commands.

$Username="account@company.onmicrosoft.com"

Here, account@company.onmicrosoft.com is the e-mail address of the admin.

Note: The e-mail address of the admin should be enclosed in double quotes (").

 

$userCredentials = Get-Credential -Credential $Username

Provide the credentials of the admin in the pop-up that appears.

 

Import-Module Microsoft.Online.SharePoint.PowerShell
Connect-SPOService -Url https://<tenant>-admin.sharepoint.com -Credential $userCredentials

Here, <tenant> is the name of your Microsoft 365 tenant.

 

 Removing admin access to particular sites.   

To remove the admin’s access from particular sites, you’ll need the URL of those sites. To get the URL,

  • Log in to RecoveryManager Plus as an administrator.

  • Navigate to the SharePoint & OneDrive tab > Backup Settings.

  • Click the Create Backup button located in the top-right corner of the screen.

  • Select the tenant that contains the site URL you wish to find, and then click on the Icon in the Select Sites field.

  • In the pop-up that appears, click List View in the top-right corner. The list of all sites in the selected tenant will be displayed. Copy the URL of the required sites. To search for particular sites, use the .

  • Once you have the URL of the sites, switch to SharePoint Online Management Shell and enter the following command.

$SiteURL = "CopiedURL"

Replace SiteURL with the URL of the site.

Note: The URL of the site should be enclosed in double quotes (").

Set-SPOUser -Site $SiteURL -LoginName $Username -IsSiteCollectionAdmin $false
-ErrorAction SilentlyContinue

If you want to remove the admin's access to multiple sites, enter the following commands in the SharePoint Online Management Shell.

$SiteURLs = "URL1", "URL2"

Replace URL1 with the URL of the first site, URL2 with the URL of the second site, and so on.

Note: The URL of the sites should be enclosed in double quotes (").

foreach($SiteURL in $SiteURLs) {Set-SPOUser -Site $SiteURL -LoginName $Username
-IsSiteCollectionAdmin $false -ErrorAction SilentlyContinue}

 


                  New to ADSelfService Plus?