SharePoint Online Administration, Step by Step

The SharePoint Online service is a cloud-based platform designed to facilitate collaboration. Your users can share documents, calendars, lists, pictures, discussion boards and more with users inside your network and, in some cases, with people outside your network, such as partners or vendors. With this platform, even small companies are able to have their own corporate intranet, without spending their budget on infrastructure or staff. In addition, SharePoint Online provides web services for developers to access SharePoint data.

This article will help you learn the critical details you need to effectively administer your SharePoint Online environment.

Understanding the Default Site Structure

The basic unit of SharePoint content is the site collection — a group of sites with similar characteristics that can be managed as a whole. By default, your Office 365 subscription includes two site collections:

  • A default team site collection, https://yourtenantname.sharepoint.com, which is a basic SharePoint site designed for collaboration. You can create additional sites in this site collection for individual teams, projects, meetings and so on. Team sites provide a place for your teams to organize and collaborate on content, data, reports and news. Creating a site in SharePoint Online is very similar to the process in on-premises SharePoint; the main difference is that for SharePoint Online, you won’t be able to select a web application.
  • A default public website collection, https://yourtenantname-public.sharepoint.com, which was originally designed to host the public-facing website for your company. This functionality is being deprecated, so I recommend ignoring this site collection.

You can also create your own site collections. Many organizations choose to use site collection templates because they make the process faster and easier than developing everything from scratch.

In addition to those two tenant-wide site collections, you also get individual “MySite” sites for each user in your tenant who has a SharePoint Online license. MySite is essentially a front end to the OneDrive for Business service; it’s where each user’s one terabyte of storage space is found. This storage space can be synchronized to desktops and laptops so that a person’s documents are always on whatever device they are using. We will talk more about OneDrive for Business later in this guide.

Administering SharePoint Online

To get started with SharePoint Online administration, access the Office 365 SharePoint admin center by heading to https://yourtenantname-admin.sharepoint.com. The administration user experience is designed to be simple but effective. Log in, and then you will see a screen like this:

SharePoint Online Administration Center

Figure 1. The SharePoint administration center

Types of SharePoint Online Site Content

SharePoint Online has a defined list of content types that you can create on a site. They include:

  • Page. A page is exactly what it sounds like — a page that is edited in the browser using the editor functionality in SharePoint. Pages primarily contain text, but you can embed images, links, lists and web parts (little bits of code) in them.
  • Document library. A document library is a set of Word and other files. You can create folders to structure the documents logically within the library. To modify a file, a user must check it out and back in; this ensures that only one person edits a file at any given time and enables you to keep previous versions so you can see the revision history of a given document.
  • Other kinds of libraries. There are form libraries that store XML forms which your business can use to route information through Microsoft InfoPath; picture libraries that store image files; and wiki page libraries, which basically create a quick way to edit text and have it remain on the web as well as link that text to other pages — a poor man’s shareable text editor, you might say.
  • Site. Sites are basically collections of content, so you can create sites underneath your main SharePoint site to collect related materials that deserve their own focus. Meetings, blogs, documents and teams might have their own sites within a larger site.
  • List. Lists are collections of like items, such as links, announcements, contacts or tasks. More complex lists include a calendar, an editable datasheet, a discussion board, an issue tracking list, a list of project tasks with a Gantt-like chart, a survey, or an imported spreadsheet.

In addition to enabling you to administer SharePoint Online, the Admin Center enables you to manage Office 365 groups as well.

Best Practices for Structuring SharePoint Online

When you are first starting with Office 365, it’s important to give some thought to how you will structure your SharePoint sites. To simplify site collection administration, most SharePoint experts recommend creating site collections based on the types of permissions that users and creators will need. For example, you might want to have separate site collections for sales and marketing, customer support, research and development, and operations. Within each of those site collections, site collection administrators might give users permission to create subsites at will, so that teams can manage their own sites and IT isn’t a bottleneck.

Understanding Groups and Permissions

Some of the most common administrative tasks are granting, modifying and removing permissions from Office 365 users. The easiest way to understand SharePoint permissions is to compare them to standard NTFS permissions like you have in Windows — groups of SharePoint users can have read and write (and some other SharePoint-specific) permissions granted to them.

You can see what permissions are available to grant on the ribbon of each SharePoint site, on the Permissions tab:

SharePoint Online Administration Viewing Permissions and Groups for the Default SharePoint Team Site in a Tenant

Figure 2. Viewing permissions and groups for the default SharePoint team site in a tenant

On this page, you can create a new group; grant, edit or revoke permissions for the default groups (Team Site Members, Team Site Owners and Team Site Visitors); and check permissions on a specific user or object.

If you click Permission Levels in the Manage section of the ribbon, you can see all of the permission levels available, as well as create or delete permission levels:

SharePoint Online Administration Viewing and Managing Permission Levels

Figure 3. Viewing and managing permission levels

If you want to create new groups of users so that you can assign them SharePoint permissions more granularly, the easiest option is to use the regular Office 365 admin center. Since the entire service is based on Azure Active Directory, the groups you create in one application are available for use in other applications, just as you would expect if you created security groups in your on-premises Active Directory. Here is the process for creating a new group

  1. Go to the administrative portal at https://admin.microsoft.com/AdminPortal/Home#/homepage.
  2. In the menu at the left, hover over the icon with multiple people. From the pop-out menu, click Groups.
  3. Click + Add a Group.
  4. Fill out the form to create a new mail-enabled security group. At this time, do not create an Office 365 group — that is a different type of group that is irrelevant to our purposes right now. A mail-enabled security group is a group of users that can be assigned permissions in various sites and services but that can also be addressed through a single alias like an Exchange distribution group can.

SharePoint Online Administration Creating a New Group

Figure 4. Creating a new group

Enabling Versioning

One of the neat features of SharePoint Online is the service’s built-in support for versioning of documents. When versioning is enabled, SharePoint will create a new version of a file each time it is saved. This makes it easy to create an audit trail, see recent activity, review who made which changes and back out unwanted revisions. Most businesses that work on sets of docs for long periods of time will find versioning helpful.

You enable versioning on document libraries. On a team site, for example, click Documents, click the site settings wheel at the top right of the window (within the black bar) and then click Library Settings. On the resulting page, under General Settings, click Versioning settings. You’ll see this page:

SharePoint Online Administration Versioning Settings for a Document Library

Figure 5. Versioning settings for a document library

Make sure one of the versioning options — either “create major versions” or “create major and minor (draft) versions — is enabled and click Save. Then, when your users are creating, modifying and saving documents to that library, they’ll be able to see and use different versions in the history of the documents.

I recommend against enabling minor versions because every small change will generate a new version of the file. While SharePoint is relatively efficient at storing files, you can quickly find your storage allotment eaten up with files that add little value to the versioning history. Unless you have a specific need, stay with the “Create major versions” option.

SharePoint automatically tracks the different versions. Users can access them from the web but not directly from Microsoft Word, so instruct your users to head to the team site document library when they need to see older versions. To see and edit different versions, click next to a file in a document library, and from the pop-up menu, select Version history. You’ll see a screen like this one:

SharePoint Online Administration Accessing an Older Version of a File in a SharePoint Online Document Library

Figure 6: Accessing an older version of a file in a SharePoint Online document library

To edit a particular version, simply click the hyperlink.

Using Recycle Bin

When you delete items (including OneDrive for Business files) from a SharePoint site, they’re sent to the site’s Recycle Bin, and you can restore them from there if you need to. When you remove items from a site’s Recycle Bin, they’re sent to the site collection’s Recycle Bin. A SharePoint site collection administrator can view items in the site collection’s Recycle Bin and restore them to their original locations. If an item is deleted from the site collection’s Recycle Bin, or its retention time elapses, it is permanently deleted.

To remove site collections, you need to have the right permissions. If the feature is not available, you don’t have permission to perform the operation. When you delete a site, you also delete any subsites, content and information associated with the site. The site collection administrator can restore it from the site collection’s Recycle Bin.

Configuring Sharing

One of the biggest draws of SharePoint Online is the ability to share content with people outside your organization. With such a configuration, SharePoint Online gets extranet-like functionality with a couple of clicks. For example, you can share a document, a document library or even whole site with users external to your organization without worrying (at least from the end user’s perspective) about federation, identity management, mapping credentials and all that jazz. External users typically only need to view and contribute information (i.e., read, add and update); they do not need the rights to make structural changes to the SharePoint site or create new elements like subsites. Note that you must have a global or SharePoint administrator role in Office 365 to configure external sharing.

But some companies, especially those with more stringent or sensitive regulatory and compliance requirements, want to completely disable the ability for external users to access or even receive invitations to the content stored in their tenant. Luckily, one command in PowerShell turns this ability on and off. To completely disable external sharing, use this command:

Set-SPOSite –Identity https://yoursite.sharepoint.com/sites\ /thesiteyouwant -SharingCapability Disabled

To enable both external user and guest (i.e., unauthenticated) access, use this command:

Set-SPOSite –Identity https://yoursite.sharepoint.com/sites\ /thesiteyouwant -SharingCapability ExternalUserAndGuestSharing\

To enable only authenticated external users (no guests) to have content shared with them, use this command:

Set-SPOSite –Identity https://yoursite.sharepoint.com/sites\ /thesiteyouwant -SharingCapability ExternalUserSharingOnly


That covers the basics of SharePoint Online administration. If you’re ready to learn more about managing Office 365 and its applications, explore this series of blog posts. They explain administration in simple terms so you can create a secure and effective cloud environment.

Author, consultant, and speaker on a variety of IT topics. Jonathan has written books on Windows Server and related products and has spoken worldwide on topics ranging from networking and security to Windows administration.