OneDrive for Business: Revise the "Access Files" feature in the Microsoft 365 admin center
Currently, admins with the SharePoint administrator role can easily access the personal OneDrive for Business library of other users in the same tenant following the steps described below:
- Search for the user in the Microsoft 365 admin center
- Click on "OneDrive Settings"
- Click on "Access files"
Subsequently, the admin performing these steps is added as site collection admin to the OneDrive for Business site collection of the user.
While we trust each other within our team, this feature might be a huge concern to other people in the company. In addition, users might lose trust in Office 365 if they get to know about this.
Also, we recently had an issue with a third-party tool that exploited this feature to assign one of the admins as site collection admin to all OneDrive for Business site collections in the background without his knowledge.
Thus, I think that there should be an option to either turn off this feature entirely or restrict it to global admins.
I really support this idea. Today, one of our admins accessed the human resources manager's OneDrive files. This direct access is very dangerous. At the least, I would suggest an email alert to all global admins that some admin accessed some user's OneDrive files. Adding a non-owner file access notification can also help admins protect users' data privacy.
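Until such an option or alert exists, the grant described in the post can be detected from exported audit records. The following is an added example, not part of the original posts: it flags every case where someone other than the owner is added as site collection admin of a OneDrive site, and marks accounts added to many OneDrives at once, as in the third-party tool incident. Assumptions: the audit operation name `SiteCollectionAdminAdded`, the simplified record fields, the `contoso.example` names and the `bulk_threshold` parameter are illustrative, and the records are constructed.

```python
import re
from collections import defaultdict

def _rec(actor, target, url, op="SiteCollectionAdminAdded"):
    # One constructed, simplified audit record (field names are assumed).
    return {"Operation": op, "UserId": actor,
            "TargetUserOrGroupName": target, "SiteUrl": url}

MY = "https://contoso-my.sharepoint.com/personal/"
TOOL, BOB = "svc-tool@contoso.example", "bob.admin@contoso.example"
SAMPLE_RECORDS = [  # constructed sample data, not a real export
    _rec("spadmin@contoso.example", "spadmin@contoso.example",
         MY + "hr_manager_contoso_example/"),
    _rec("system", "alice@contoso.example", MY + "alice_contoso_example/"),
    _rec("spadmin@contoso.example", "spadmin@contoso.example",
         "https://contoso.sharepoint.com/sites/finance"),
    _rec(TOOL, BOB, MY + "user1_contoso_example/"),
    _rec(TOOL, BOB, MY + "user2_contoso_example/"),
    _rec(TOOL, BOB, MY + "user3_contoso_example/"),
    _rec("alice@contoso.example", "", MY + "alice_contoso_example/", "FileAccessed"),
]

PERSONAL_SITE = re.compile(r"^https://[^/]+-my\.sharepoint\.com/personal/([^/]+)", re.I)

def owner_key(upn):
    # OneDrive URLs carry the owner's UPN with non-alphanumerics replaced by '_'.
    return re.sub(r"[^a-z0-9]", "_", upn.lower())

def find_onedrive_admin_grants(records, bulk_threshold=3):
    """Return non-owner admin grants on OneDrive sites, with a bulk flag."""
    findings, sites_by_target = [], defaultdict(set)
    for rec in records:
        if rec.get("Operation") != "SiteCollectionAdminAdded":
            continue
        match = PERSONAL_SITE.match(rec.get("SiteUrl", ""))
        if not match:
            continue  # not a OneDrive personal site
        site, target = match.group(1).lower(), rec.get("TargetUserOrGroupName", "")
        if owner_key(target) == site:
            continue  # the owner being admin of their own OneDrive is expected
        sites_by_target[target.lower()].add(site)
        findings.append({"granted_to": target, "granted_by": rec.get("UserId"),
                         "owner_site": site})
    for f in findings:  # same account added to many distinct OneDrives
        f["bulk"] = len(sites_by_target[f["granted_to"].lower()]) >= bulk_threshold
    return findings

if __name__ == "__main__":
    for finding in find_onedrive_admin_grants(SAMPLE_RECORDS):
        print(finding)
```

The findings list can feed an email or ticket to the global admins, which is the alert the comment above asks for.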