In this post we take a look at the SharePoint Service Administrator Group, what it is and how to use it in SharePoint Online.
In this post:
- Background
- What’s the SharePoint Service Administrator group?
- How to add the SharePoint Service Administrator group
- Issues & troubleshooting
Background
Recently I had the task of creating, then modifying a few hundred sites in SharePoint Online. In our case we provisioned the Microsoft 365 group connected SharePoint sites using PnP PowerShell, but as part of this we set the primary owner as an individual admin.
During the process of updating the sites manually, it become more and more annoying that other SharePoint admins had to keep adding themselves into the recently provisioned sites in order to do anything – that is until I found the SharePoint Service Administrator group!
What is the SharePoint Service Administrator group?
The SharePoint Service Administrator is a security group that includes everyone that has been assigned the SharePoint Admin role in Microsoft 365. It’s also worth noting there is also a Company Administrator group also, which includes all users with the Global Admin role.
Greg Zelfond has provided a great write up of these roles over at SharePoint Maven. For the purposes of this post I will be focusing on the SharePoint Service Administrator group.
How to assign the SharePoint Service Administrator group to a site
Follow the steps below to add the SharePoint Service Administrator group as an additional admin of a SharePoint site:
- Open the SharePoint admin center
- Under Sites > Active sites > select the site you wish to add the SharePoint Service Administrator group to
- Press Permissions > Manage additional admins
- Under Add an admin > enter SharePoint Service Administrator
- Press Save
Issues and troubleshooting
#1 Cannot add SharePoint Service Administrator as a group owner
If you are creating or editing Microsoft 365 group connected SharePoint team sites, you are unable to add security groups as owners or members of a M365 group. Security group driven M365 group membership has been a long-standing request of Microsoft, but Roadmap ID: 83113 added in May 2021 has group driven membership management as targeted for release in December 2022.
Workaround: When creating new sites, set the group owners/ members as you would normally (i.e. one or more individuals), then edit the site once created to add the SharePoint Service Administrator group as an additional admin.
For existing sites, just update the additional admin as per the guidance above.
#2 No SharePoint Service Administrator group to choose from
If you have not assigned the SharePoint admin role to anyone in your tenant yet, the SharePoint Service Administrator role will not be available to select from when trying to assign it as an additional admin. In the below example, this tenant only had one global administrator, but the SharePoint admin role had not been explicitly assigned.
When I tried to add the company administrator role it worked no problem.
Workaround: Assign the SharePoint admin role to those you want to be included in the SharePoint Service Administrator group, or use the Company Administrator group if you only have global admins in your tenancy.
SharePoint Stuff 