Forum Discussion

john john's avatar
john john
Steel Contributor
Nov 27, 2018

PNP powershell to disable "Documents" feature from users' Delve pages

when users access their Delve accounts inside office 365 there is an option to disable the "Documents" features, as follow:-

 

 

Changing this option will disable the "Documents" feature for the login user only. but now as a global admin, can i run a power shell script which will access all the users' Delve pages and disable the "Documents" feature?

Please note that i only need to disable "Documents" feature from delve, and i do not want to disable the whole office Graph (which i can do from SP admin center >> Setting). so can anyone advice if there is a pnp command or another approach to disable the "Documents" feature from users' Delve pages? Thanks

  • By disabling graph in the spo settings the documents features in delve will be deactivated as well.

     

    br philipp

      • thosor's avatar
        thosor
        Copper Contributor
        This should do it 🙂

        Create a CSV File
        In most cases, you would have more than one user for whom Delve needs to be disabled. Even though, you can type in those names directly in PowerShell as well, it might be a better idea to keep those names in a separate CSV file.

        This is how my CSV file looks like – list of Users’ UPN

        Azure AD App CSV

        Our PowerShell will read through this CSV and Disable Delve for these users.

        Script
        And Finally the PowerShell script itself

        [code]
        #Set some variables, Ensure to change them as per your environment

        $tenantId = "Tenant ID copied from the registered App"
        $clientId = "Client ID copied from the registered App"

        #Very important to notice, if there are any $ characters in the generated client secret, those must be pre-fixed with a escape (`) character
        $clientSecret = "Client Secret copied from the registered app"

        #No need to change these
        $scope = "https://graph.microsoft.com/.default"
        $tokenURI = "https://login.microsoftonline.com/$tenantId/oauth2/v2.0/token"

        $tokenHeader = @{
        ‘Content-Type’ = ‘application/x-www-form-urlencoded’
        }

        #Notice, body should NOT be converted to JSON format
        $tokenBody = @{
        ‘client_id’=$clientId
        ‘scope’=$scope
        ‘client_secret’= $clientSecret
        ‘grant_type’=’client_credentials’
        }

        #Call the API to get the beaerer token in response
        $response = Invoke-RestMethod -Uri $tokenURI -Headers $tokenHeader -Body $tokenBody -Method Post

        #Extract the bearer token from response
        $AccessToken = $response.access_token

        #Prepare header for Graph API call
        $headers = @{
        ‘Content-Type’ = ‘application/json’
        ‘Authorization’ = ‘Bearer ‘ + $AccessToken
        }
        #Prepare body for Graph API Call, Essentially this will update the contributionToContentDiscoveryDisabled property to true, disabling Delve
        $body = @{
        "contributionToContentDiscoveryDisabled" = $true
        } | ConvertTo-Json

        #Get the users from CSV. Note that the CSV path in this case will be the directory from where PowerShell is being run
        $allUsers = Import-Csv -Path DisabledDelveUsers.csv

        #Call the Graph API for each user in CSV
        foreach($user in $allUsers)
        {
        #Read the UPN Field from CSV
        $UPN = $user.UPN

        #Prepare the URI for selected user
        $uri = "https://graph.microsoft.com/v1.0/users/$UPN/settings"
        #Call the API to Update the property
        Invoke-RestMethod -Uri $uri -Headers $headers -Body $body -Method Patch

        }
        [/code]

        And that’s it. If everything goes well, you can verify from Delve that you can’t see documents from those users anymore from within Delve.

Resources