question

frob avatar image
0 Votes"
frob asked JerryXu-MSFT commented

In SharePoint Online - Can a SharePoint group or AD group or some other group have Owner permissions on all SharePoint site collections?

Hi there

In SharePoint Online - Can a SharePoint group or AD group or some other group have Owner permissions on all SharePoint site collections?
Which one, and how?

Thanks.

office-sharepoint-online
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

1 Answer

JerryXu-MSFT avatar image
0 Votes"
JerryXu-MSFT answered JerryXu-MSFT commented

Hi, @frob-0826

In SharePoint Online, you can create an M365 group to contain all the required members and grant them owner permission on all site collections. You just need to repeat the granting owner permission process in each site collection.

If you are able to use PowerShell here is a script you can use to loop through all site collections.

 $TenantSiteURL="https://<Tenant Name>-admin.sharepoint.com/"
 Connect-PnPOnline -Url $TenantSiteURL -UseWebLogin
 #Get All Site Collections 
 $Sites = Get-PnPTenantSite
    
 #Loop through each Site Collection
 ForEach ($Site in $Sites) {
    
     Write-host "Processing data for $Site.Url" 
     Connect-PnPOnline -Url $Site.Url -UseWebLogin
     Add-PnPSiteCollectionAdmin -Owners "c:0o.c|federateddirectoryclaimprovider|<object ID>"
     Disconnect-PnPOnline
 }

You can get the Object ID for group in Azure AD.
8OoY0.png

Remember to replace the Tenant Name and object ID with your own one.


If an Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

· 4
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hi JerryXu

By a M365 group do you mean an Azure-AD-Security-Group? Are they the same thing?

Thank you.

0 Votes 0 ·

Hi, @frob-0826 ,

M365 group and Azure AD security group are different things. Here is a doc talking about the concepts of these groups

How to create a group


0 Votes 0 ·

Hi Jerry

The doc you mentioned, says that to grant permissions to resources like SharePoint one should use Azure-AD-Security groups.

I guess you meant to say that I should create Azure-AD-Security-Group to grant certain users owner permissions on all Site Collections, right?

Thanks.

0 Votes 0 ·
Show more comments