azureonedrive

OneDrive for Business: download every user's files in an Azure tenant with an admin credential


I'd like to download all files of all users in a domain/tenant with only one credential, usually a Global Admin account.

So I had a Global Admin go through the authorization process, got the authentication code, and can download all his files, plus any files/folders shared by somebody else in the tenant with that Admin user. But that's all. Even the Global Admin cannot access the other users' private files. But in Google we can. With an admin credential we can download all the other users' files in his domain.

I tried to find a solution for this, but the only solution is to have every other user's authentication token first, and then handle their files with their own auth token. But nobody will accept this approach. They will require a "one Admin user backs up all" style solution.

Is this really impossible? Are there any products that do it this way?

Many thanks.


Solution

  • This is a SharePoint-wide limitation. The tenant administrator cannot view/edit items in a site collection unless specifically given the site collection administrator permissions. However, OneDrive for Business does allow making calls using app delegated permissions (or simply app-only), which is conceptually similar to a tenant admin. You can read more about it here:

    https://msdn.microsoft.com/en-us/office/office365/howto/building-service-apps-in-office-365

    Please note that there is a known issue with downloading user files using app-only tokens, but we are actively working to fix the issue.
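
An added illustration, not part of the original answer: the difference between the admin's own token and an app-only token is visible in the token's claims, which is what a reviewer checks before trusting a "one credential backs up all" tool. This sketch assumes Azure AD access tokens for Microsoft Graph (delegated tokens carry `scp`, app-only tokens carry `roles`); the sample tokens are constructed and unsigned, and the helper names are hypothetical.

```python
import base64
import json

# Real Graph application permission names; treating exactly this set as
# "tenant-wide file access" is an assumption of this example.
TENANT_WIDE_FILE_ROLES = {"Files.Read.All", "Files.ReadWrite.All",
                          "Sites.Read.All", "Sites.ReadWrite.All"}


def _b64url(obj):
    raw = json.dumps(obj).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def make_sample_token(claims):
    """Build a constructed, unsigned JWT-shaped string for the demo."""
    return ".".join([_b64url({"alg": "none", "typ": "JWT"}), _b64url(claims), ""])


def decode_claims(token):
    """Decode the payload segment. No signature check: inspection only."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a three-segment JWT")
    padded = parts[1] + "=" * (-len(parts[1]) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))


def classify(token):
    """Return (kind, tenant_wide_file_roles) for an access token."""
    claims = decode_claims(token)
    roles = claims.get("roles") or []
    if isinstance(roles, str):
        roles = [roles]
    if claims.get("scp"):
        # Delegated: limited to what the one signed-in user can reach.
        return "delegated", []
    if roles:
        # App-only: permissions apply across the tenant, no user context.
        return "app-only", sorted(set(roles) & TENANT_WIDE_FILE_ROLES)
    return "unknown", []


# Constructed sample tokens (placeholder identities, not real values).
ADMIN_DELEGATED = make_sample_token(
    {"scp": "Files.Read User.Read", "upn": "admin@contoso.example"})
BACKUP_APP = make_sample_token(
    {"roles": ["Files.Read.All", "User.Read.All"],
     "appid": "00000000-0000-0000-0000-000000000000"})

if __name__ == "__main__":
    for name, tok in (("admin", ADMIN_DELEGATED), ("backup app", BACKUP_APP)):
        print(name, classify(tok))
```

An app-only token that lists any of these roles can read every user's files, so the application's certificate or secret deserves the same protection as a Global Admin credential.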