Forum Discussion
Mark-Kashman
Microsoft
MicrosoftUnderstanding security and privacy of Delve and intelligent experiences in Office 365
Within Office 365, Delve is an intelligent service aimed at helping users stay in the know – to discover new, relevant information and people based on who they work with and the content they work on....
That's true. Where I was, Delve really freaked out a lot of people to begin with, during a SharePoint rollout, senior managers wanted it disabled almost straight away. That's when I asked this question at the time - Disabling Delve?
After explaining exactly how it works and that Delve doesn't change anything, it was accepted and the subsequent training was upfront about Delve and what it does. We also talked about this in the Product Spotlight: Delve by the way.
I totally agree that once users are educated, their concerns with regards to what Delve surfaces gradually diminishes. However, many companies don’t invest adequately upfront in training their users. Then all it takes is one senior manager to stumble across sensitive documents their co-workers are currently working on in Delve, and thereafter Office Graph will be disabled indefinitely.
From a customer perspective (in my experience) they would far rather mitigate risk when enabling Office Graph initially without having to make an all or nothing decision. In such scenarios, tweaking the HideFromDelve managed property in the search schema should be a very simple exercise - I say “should” because I haven’t personally tested it. Theatrically it “should” work 😊!
With this approach you could also implement the completely opposite intended behaviour to surface only “approved” content in Delve by adding the HideFromDelve site column to all document libraries where you "want" to surface content in Delve, with the default value for the HideFromDelve site column set to "False" instead of True.
Some granularity I think would be appreciated, HideFromDelve is good to have but more central control either user or on a site/document library basis might be helpful.
I get the impression that disabling Office Graph is discouraged really and that's probably why there aren't more options. It's like a deterrent with the all or nothing approach. Office 365 after all without Office 365 Graph is going to be rather backwards!
I would say it's catch 22 and the way works now is likely necessary in order to deliver the next wave of auto classification for content in terms of Information Sensitivy from a Security and Compliance perspective. The Graph API is probably needed to do this. If content is automatically secured based on classification policies, this becomes irrelevant.
For example a policy could dictate that contain specific words or phrase, and such documents cannot be shared to "Everyone" for example. Other policies could be created to protect information is any site classified as HBI, etc.
I must mention one caveat though - this approach will only hide content in Delve which has been tagged as a “Document” document during the crawl process. If the “SharePoint:isDocument” is set to “False” (No) during the crawl, the effective value for the “HideFromDelve” property for item crawled will thus also be set to “False”, so that item could thus still surface in Delve.