Give a partner access to your SPO site

Page content

As I described in a previous article you can add a partner to your Office 365 tenant to assist you with managing your tenant. This article goes deeper into what your partner can do in SharePoint Online

Your partner can do the same things as the SharePoint administrator can do, so they see the SharePoint admin portal and can change all the settings. By default, they do not have access to any site collection or the data in your site collections. If you have chosen to add the add the role SharePoint admin to every site collection like I described in this article, your partner is not able to access these site collections. From a security point of view this is great, but what if you need the help of your partner to solve an issue in a specific site collection, should you create a new account for them and use that or use a guest account to solve this?

Well there is a better solution for that, you can give your partner site collection admin rights on the specific site collection to assist you.

How to give your partner access to the site collection?

You can give your partner access to any site collection with the SharePoint administration page of your tenant. Here you select the site collection and click on the button “Owners” and select “Add Support Partner”

This will give you a popup where you can select one of your partners or Microsoft support to have the role of either “HelpdeskAdmins” or “TenantsAdmin”. When you click on “Save” the selected Foreign Principal will be added to your site collection

Now that you have added your partner to the site collection, they can do what the need to do on that site collection.

With the selection of “HelpdeskAdmins” or “TenantsAdmins” you select the role that a partner can give to certain employees. See this post for the details https://support.office.com/en-us/article/About-Office-365-admin-roles-da585eea-f576-4f55-a1e0-87090b6aaa9d

You are not the only person who can add these permissions to the site collections, your partner with the role “TenantsAdmin” can do this as well.

Checking if a partner has access to your site collections

With the above information, you might want to know if a partner has access to your site collections, to do this you can do it by hand and check every site collection for a principal that starts with “c:0?.c|tenant|” in the site collection owners or do it by PowerShell. For a single site collection you can use this code

If you want to do it for every site collection in your tenant you can use this code