🎉 Our Office 365 Reporting Tool is now available in Azure Marketplace 🚀
This website uses cookies to improve your experience. We'll assume you're ok with this. Know more.
SharePoint Online

How to Audit Who Granted OneDrive Access to Others in Microsoft 365

Did you know users can share their entire OneDrive without any access restrictions? Permissions granted to unauthorized users can lead to sensitive information being exposed. That’s why it’s essential to monitor OneDrive access and track who granted it. In this guide, we’ll show you how to identify who granted OneDrive access to another user in Microsoft 365.

Solution 1
Solution 2
Solution 3
Important Tips
Errors and Resolution Steps
FAQs

Using Microsoft Purview Portal

Microsoft 365 Permission Required
View-only Audit Logs Role Least Privilege
Global Admin Most Privilege
  • Log in to the Microsoft 365 Purview portal and navigate to the Audit section.
  • Customize the start and end date as per your requirement.
  • Now, select Added site collection admin from the Activities - friendly names dropdown and choose OneDrive from the Workloads section.
  • Click on Search. Once the search is completed, you can view all the added site collection admins.
  • Use the Export option in the results to download the added site collection admin report as a CSV file.
Using Microsoft Purview Portal

Using Windows PowerShell

Microsoft 365 Permission Required
View-only Audit Logs Role Least Privilege
Global Admin Most Privilege
  • Connect to the Exchange Online management shell using the below cmdlet.
  • Windows PowerShell Windows PowerShell 
     Connect-ExchangeOnline
  • Run the below cmdlet to find who granted OneDrive access with other users in Microsoft365.
  • Windows PowerShell Windows PowerShell 
     Search-UnifiedAuditLog -StartDate "mm/dd/yyyy" -EndDate "mm/dd/yyyy" -Operations "SiteCollectionAdminAdded" | Where-Object {($_.AuditData | ConvertFrom-Json).Workload -eq 'OneDrive'} |
ForEach-Object {$data = $_.AuditData | ConvertFrom-Json
[PSCustomObject]@{ 
'Creation Time' =     $data.CreationTime 
'Added User'=    $data.TargetUserOrGroupName 
'URL'   = $data.ObjectId 
'Added By'  = $data.UserId 
}} | Format-Table -AutoSize
Using Windows PowerShell

Executing the above cmdlet retrieves OneDrive access granted in Microsoft 365, showing who granted access, who received it, and the associated URL.

AdminDroid Microsoft 365 OneDrive Reporting

Ensure secure collaboration with OneDrive access tracking and advanced activity reports!

AdminDroid’s OneDrive reporting tool simplifies tracking OneDrive access management. The reports provide insights into who granted access to files, folders, or an entire OneDrive, the permissions assigned, and how resources are shared. This ensures optimal control over your data.

Track All Your OneDrive Folder Activity with AdminDroid

Use the all activities related to OneDrive folder report to audit folder access with detailed insights and detect unauthorized changes promptly.

Verify OneDrive Access Removal with AdminDroid’s Report

Utilize OneDrive site collection admin removed report from AdminDroid to confirm that the access granted has been revoked promptly after collaboration ends.

Monitor All OneDrive and Site Permission Level Added

With the help of AdminDroid's permission levels added report, you can keep track of permissions on your OneDrive site and avoid unnecessary access that could lead to file deletions or modifications.

Automate Report Generation for Granted OneDrive Access

Use AdminDroid's scheduling feature to automate reports on OneDrive access granted to others. This enables you to receive timely updates and perform regular monitoring without manual intervention.

Get a Summary of All OneDrive File Changes Activity

Monitor all activities related to OneDrive files to ensure accountability, improve collaboration, and reduce risks of data loss or unauthorized changes.

Stay Informed About New Group Members

The members added to OneDrive group report allow you to easily track when new members joined your OneDrive access granted group. This helps you quickly revoke permissions if you spot any unauthorized access.

In conclusion, AdminDroid’s OneDrive management tool offers a comprehensive solution to track OneDrive sharing activities. It provides detailed reports on access permissions, file creation, and sharing activities, to ensure complete visibility. Additionally, it keeps you informed by generating proactive alerts, to stay ahead of potential issues and maintain control with ease.

Explore a full range of reporting options
Download Live Demo

Important Tips

Before granting OneDrive access to another user, enforce a retention policy to ensure that any unauthorized file deletions are preserved in the preservation hold library of OneDrive.

When granting temporary access to others in OneDrive, ensure you revoke their access promptly after the task is completed to maintain data security.

Instead of granting full access to your OneDrive, share only the specific file or folder needed to avoid oversharing and enhance security.

Common Errors and Resolution Steps

The following are the potential errors and troubleshooting hints while auditing who granted OneDrive access in Microsoft 365.

Error Cannot bind argument to parameter ‘site’ because it is null.

This error occurs when the value for target OneDrive site is left empty.

Fix Ensure that the entered ‘Target User’s UPN’ (User Principal Name) is correct and check if the $targetSite variable is being populated correctly.

Error Connect-SPOService : Could not connect to SharePoint Online.

This error occurs when invalid credentials are provided or if your account lacks the necessary admin permissions to connect to SharePoint Online.

Fix Ensure you are using the correct credentials with the necessary permissions, such as SharePoint Administrator or another high-privileged role.

Error The term 'Search-UnifiedAuditLog' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again.

This error occurs while executing the Search-UnifiedAuditLog cmdlet without connecting to the Exchange Online PowerShell module.

Fix Before running the ‘Search-UnifiedAuditLog' cmdlet, first connect to the Exchange Online PowerShell module. 
Connect-ExchangeOnline

Error Cannot Process argument transformation on parameter EndDate Microsoft.Exchange.ExchangeSystem.ExDateTime. “String 10/12/2024” was not recognized as a valid Datetime. Cannot convert value to type.

This error occurs when the date is entered in an incorrect format while using 'Search-unifiedauditlog' cmdlet, preventing PowerShell from converting the string '10/12/2024' into a valid DateTime object.

Fix Always use a consistent and recognized date format, such as "MM/DD/YYYY", to ensure correct interpretation by PowerShell.

Error Search duration is too long. Please select a date range of less than 6 months.

This error will occur in the audit log search of the Purview portal if the selected date and time range exceed the limit.

Fix In Microsoft Purview Audit (Standard), logs can be retained for a maximum of 180 days. So, you need to give a time range within this period.

Error Remove-SPOUser : Attempted to perform an unauthorized operation.

This error occurs when your account lacks the necessary admin permissions to connect to SharePoint Online.

Fix Ensure you are using the correct credentials with the necessary permissions, such as SharePoint Administrator or another high-privileged role.
OneDrive
Frequently Asked Questions

Manage OneDrive Access in Microsoft 365 Efficiently for Secure Collaboration

How a user can grant access to OneDrive without involving an admin?
How can admins access another user's OneDrive in Microsoft 365?
How admins can grant OneDrive access to bulk users in Microsoft 365?
How to set up an alert for notifications when OneDrive access is granted to another user?

1. How a user can grant access to OneDrive without involving an admin?

Sharing OneDrive access is helpful during the absence of the primary user, such as during vacations or emergencies. It ensures teamwork and workflows continue smoothly without admin help, as users can easily share their entire OneDrive.

Other users will get access to your OneDrive when a user is given site collection administrator rights. To do so, follow the steps below.

  • Log in to the OneDrive with your Microsoft 365 account credentials.
  • Click the Settings (⚙️) icon in the top-right corner and select OneDrive settings.
  • In the left pane, select the More Settings tab and click on Site Collection Administrators under the Manage Access section. Here, you can see the existing site collection administrators present in your OneDrive.
  • Enter the User Principal Name (UPN) of the user(s) you want to add in the Site Collection Administrators box, then click OK.
  • Share the link to your OneDrive with the user(s) you have granted access to.
steps-to-grant-user-onedrive-access
onedrive-access-granted-user

Similarly, users can revoke other's access by excluding them from the site collection administrators.

Note: Users can remove any site collection administrator from their OneDrive, regardless of whether they were added by another user or an admin.

2. How can admins access another user's OneDrive in Microsoft 365?

An admin can access a user’s OneDrive without consent during situations like employee deprovisioning or emergencies to ensure important files remain accessible. Once accessed, the admin can download the files or move them to their own OneDrive. This ensures critical data is always available when needed.

Steps to access a user's OneDrive using the Microsoft 365 Admin Center

  • Log in to the Microsoft 365 admin center and navigate to the Users»Active Users.
  • Click on the user whose OneDrive you want to access and go to the OneDrive tab in the flyout pane.
  • Under the Get access to files section, click Create link to files and use the generated link to access the user's OneDrive.
admin-ondrive-link-generate-steps

Note: The link created will work only for the global admin who generated it. This method should be used only in rare cases and is generally not encouraged.

3. How admins can grant OneDrive access to bulk users in Microsoft 365?

When multiple users need access to OneDrive for cross-team collaborations or shared projects, administrators can use group-based access. They can grant access to multiple users in bulk to streamline management.

Grant OneDrive access to multiple users using the SharePoint Admin Center

  • Log in to the SharePoint admin center, go to the More features tab, and click Open under the User profiles category.
  • Under the People tab, select Manage User Profiles.
  • In the Find profiles text box, enter the name or User Principal Name (UPN) of the user whose OneDrive needs to be accessed by others, and click Find.
  • On the search results, click the appropriate user and select Manage site collection owners from the dropdown.
  • Add the users or group you want to grant access to in the Site Collection Administrators field and click OK.
  • Then, choose the Manage Personal Site option for the corresponding user, which will redirect to their OneDrive page. From there, copy the site's URL and share it with the users assigned as the site collection administrators.

Note: Add site admins only to the Site Collection Administrators field. Avoid making any changes to the Primary Site Collection Administrator field, as it may result in the respective user losing access.

bulk-onedrive-access-grant-sharepoint
bulk-onedrive-access-grant-user-addition

Grant OneDrive access to another user using PowerShell

To grant OneDrive access, first connect to the SharePoint Online Management Shell using the below cmdlet.

Connect-SPOService -Url "<AdminCenterURL>"

Next, run the script below, replacing “<Target User's UPN>” with the UPN of the user whose OneDrive needs to be shared, and "<email@example.com>" with the site collection administrators to whom you want to grant access.

$targetSite = Get-SPOsite -IncludePersonalSite $true -Filter "Owner -eq <Target User's UPN>" | Where-Object { $_.Url -like "*/personal/*"}
$userEmails = @("<email1@example.com>", "<email1@example.com>")
foreach ($userEmail in $userEmails) {Set-SPOUser -Site $targetSite.Url -LoginName $userEmail -IsSiteCollectionAdmin $true}

Similarly, to revoke admin access to a user's OneDrive, execute the code snippet below.

$targetSite = Get-SPOsite -IncludePersonalSite $true -Filter "Owner -eq <Target User's UPN>" | Where-Object { $_.Url -like "*/personal/*"}
$userEmails = @("<email1@example.com>", "<email2@example.com>")
foreach ($userEmail in $userEmails) {Remove-SPOUser -Site $targetSite.Url -LoginName $userEmail}

4. How to set up an alert for notifications when OneDrive access is granted to another user?

OneDrive for Business is a secure platform for storing and sharing files, used for tasks like file management, projects, and data recovery. However, granting full access can expose sensitive data, as recipients can modify, delete, or share files without oversight.

That’s why setting up alerts when OneDrive access is granted helps maintain accountability and protect data by identifying unauthorized activities.

Configure an Alert Policy for Site Collection Admin Addition

  • Log in to the Microsoft Defender portal and navigate to Email & Collaboration»Policies & Rules»Alert Policy.
  • Click New alert policy and name the policy.
  • From the Severity dropdown, Choose the severity level based on your requirements.
  • From the Category dropdown, select Threat management from the Activities field.
  • In the Activity is box, Select an activity Added site collection admin.
  • Under the How do you want the alert to be triggered?, choose Every time an activity matches the rule and Click Next.
  • In the Email recipients box, select the users want to get notified when the alert triggered. From Daily notification limit dropdown, set the desired notification limit. Then, click Next.
  • In the Review your settings tab, under Do you want to turn the policy on right away?, choose the appropriate option based on your needs. Review all your configuration, then click Submit and hit Done.
onedrive-access-admin-alert-config1
onedrive-access-admin-alert-config2

To address this, AdminDroid provides a policy template that triggers alerts when OneDrive access is granted to another user.

  • This template ensures that alerts are triggered exclusively for OneDrive access and eliminates unnecessary notifications related to SharePoint site access.
  • Additionally, AdminDroid’s threat management alert report categorizes all alerts generated by Microsoft 365, making it easier to analyse them without feeling overwhelmed.
onedrive-access-alert-audit-admindroid

Kickstart Your Journey With
AdminDroid

Your Microsoft 365 Companion with Enormous Reporting Capabilities

Download Now
Browse All Guides
User Help Manuals Compliance Docs
All Guides 99+
SharePoint Online
How to Audit Who Granted OneDrive Access to Others in Microsoft 365
SharePoint Online Guides
x
Delivering Reports on Time
Delivering Reports on Time
Want a desired Microsoft 365 reports every Monday morning? Ensure automated report distribution and timely delivery with AdminDroid's Scheduling to your email anytime you need.
Delivering Reports on Time
Schedule tailored reports to execute automatically at the time you set and deliver straight to the emails you choose. In addition, you can customize report columns and add inteligent filtering to the activities just from the previous day to suit your Microsoft 365 report requirements.
Set It, Schedule It, See Results- Your Reports, Your Way, On Your Time!
Time Saving
Automation
Customization
Intelligent Filtering
Give Just the Right Access to the Right People
Give Just the Right Access to the Right People
Grant fine-tuned access to any Microsoft 365 user with AdminDroid’s Granular Delegation and meet your organization’s security and compliance requirements.
Give Just the Right Access to the Right People
Create custom roles loaded with just the right permissions and give access to admins or normal users within AdminDroid. The result? A streamlined Microsoft 365 management experience that aligns your organization's security protocols and saves your invaluable time and effort.
Align, Define, Simplify: AdminDroid's Granular Delegation
Smart Organizational Control
Effortless M365 Management
Simplified Access
Advanced Alerts at a Glance
Advanced Alerts at a Glance
Receive quick notifications for malicious Microsoft 365 activities. Engage with the AdminDroid’s real-time alert policies crafted to streamline your security investigations.
Advanced Alerts at a Glance
Stay informed of critical activities like suspicious emails and high-risk logins, bulk file sharing, etc. Through creating and validating ideal alert policies, AdminDroid provides a comprehensive approach to real-time monitoring and management of potential threats within your organization.
AdminDroid Keeps You Always Vigilant, Never Vulnerable!
Proactive Protection
Real-time Monitoring
Security Intelligence
Threat Detection
Merge the Required Data to One Place
Merge the Required Data to One Place
Combine multiple required columns into one comprehensive report and prioritize the information that matters most to you with AdminDroid’s Advanced Column Customization.
Merge the Required Data to One Place
This column merging capability offers a flexible way to add different columns from various reports and collate all the essential data in one place. Want to revisit the customized report? Save it as a 'View’, and your unique report is ready whenever you need it.
Merge with Ease and Save as Views!
Custom Reporting
Unique View
Desired Columns
Easy Data Interpretation
Insightful Charts and Exclusive Dashboards
Insightful Charts and Exclusive Dashboards
Get a quick and easy overview of your tenant's activity, identify potential problems, and take action to protect your data with AdminDroid’s Charts and Dashboards.
Insightful Charts and Exclusive Dashboards
With AdminDroid charts and dashboards, visualize your Microsoft 365 tenant in ways you've never thought possible. It's not just about viewing; it's about understanding, controlling, and transforming your Microsoft 365 environment.
Explore Your Microsoft 365 Tenant in a Whole New Way!
Executive overviews
Interactive insights
Decision-making
Data Visualization
Efficient Report Exporting for Microsoft 365
Efficient Report Exporting for Microsoft 365
Downloading your reports in the right file format shouldn’t be a hassle with AdminDroid’s Report Export. Experience seamless report exporting in various formats that cater to your needs.
Efficient Report Exporting for Microsoft 365
Navigate through diverse options and export Microsoft 365 reports flawlessly in your desired file format. Tailor your reports precisely as you need them and save them directly to your computer.
Take Control, Customize and Deliver- Your Office 365 Data, Exported in Your Way!
Easy Export
Seamless Downloading
Data Control
Manage Microsoft 365

Get AdminDroid Office 365 Reporter Now!

Free Download Live Demo