This should do it
🙂Create a CSV File
In most cases, you would have more than one user for whom Delve needs to be disabled. Even though, you can type in those names directly in PowerShell as well, it might be a better idea to keep those names in a separate CSV file.
This is how my CSV file looks like – list of Users’ UPN
Azure AD App CSV
Our PowerShell will read through this CSV and Disable Delve for these users.
Script
And Finally the PowerShell script itself
[code]
#Set some variables, Ensure to change them as per your environment
$tenantId = "Tenant ID copied from the registered App"
$clientId = "Client ID copied from the registered App"
#Very important to notice, if there are any $ characters in the generated client secret, those must be pre-fixed with a escape (`) character
$clientSecret = "Client Secret copied from the registered app"
#No need to change these
$scope = "
https://graph.microsoft.com/.default"
$tokenURI = "
https://login.microsoftonline.com/$tenantId/oauth2/v2.0/token"
$tokenHeader = @{
‘Content-Type’ = ‘application/x-www-form-urlencoded’
}
#Notice, body should NOT be converted to JSON format
$tokenBody = @{
‘client_id’=$clientId
‘scope’=$scope
‘client_secret’= $clientSecret
‘grant_type’=’client_credentials’
}
#Call the API to get the beaerer token in response
$response = Invoke-RestMethod -Uri $tokenURI -Headers $tokenHeader -Body $tokenBody -Method Post
#Extract the bearer token from response
$AccessToken = $response.access_token
#Prepare header for Graph API call
$headers = @{
‘Content-Type’ = ‘application/json’
‘Authorization’ = ‘Bearer ‘ + $AccessToken
}
#Prepare body for Graph API Call, Essentially this will update the contributionToContentDiscoveryDisabled property to true, disabling Delve
$body = @{
"contributionToContentDiscoveryDisabled" = $true
} | ConvertTo-Json
#Get the users from CSV. Note that the CSV path in this case will be the directory from where PowerShell is being run
$allUsers = Import-Csv -Path DisabledDelveUsers.csv
#Call the Graph API for each user in CSV
foreach($user in $allUsers)
{
#Read the UPN Field from CSV
$UPN = $user.UPN
#Prepare the URI for selected user
$uri = "
https://graph.microsoft.com/v1.0/users/$UPN/settings"
#Call the API to Update the property
Invoke-RestMethod -Uri $uri -Headers $headers -Body $body -Method Patch
}
[/code]
And that’s it. If everything goes well, you can verify from Delve that you can’t see documents from those users anymore from within Delve.