Forum Discussion
john john
Nov 27, 2018Steel Contributor
PNP powershell to disable "Documents" feature from users' Delve pages
when users access their Delve accounts inside office 365 there is an option to disable the "Documents" features, as follow:- Changing this option will disable the "Documents" feat...
john john
Nov 27, 2018Steel Contributor
Deleted wrote:Please refer to this previous thread
https://techcommunity.microsoft.com/t5/Microsoft-Graph/Changing-Delve-Feature-Settings/td-p/40247
It seems like Graph API can be used to update document discovery settings.
thanks for the link, but it is not clear how we can disable "Documents" feature using Graph API..
thosor
Oct 30, 2023Copper Contributor
This should do it 🙂
Create a CSV File
In most cases, you would have more than one user for whom Delve needs to be disabled. Even though, you can type in those names directly in PowerShell as well, it might be a better idea to keep those names in a separate CSV file.
This is how my CSV file looks like – list of Users’ UPN
Azure AD App CSV
Our PowerShell will read through this CSV and Disable Delve for these users.
Script
And Finally the PowerShell script itself
[code]
#Set some variables, Ensure to change them as per your environment
$tenantId = "Tenant ID copied from the registered App"
$clientId = "Client ID copied from the registered App"
#Very important to notice, if there are any $ characters in the generated client secret, those must be pre-fixed with a escape (`) character
$clientSecret = "Client Secret copied from the registered app"
#No need to change these
$scope = "https://graph.microsoft.com/.default"
$tokenURI = "https://login.microsoftonline.com/$tenantId/oauth2/v2.0/token"
$tokenHeader = @{
‘Content-Type’ = ‘application/x-www-form-urlencoded’
}
#Notice, body should NOT be converted to JSON format
$tokenBody = @{
‘client_id’=$clientId
‘scope’=$scope
‘client_secret’= $clientSecret
‘grant_type’=’client_credentials’
}
#Call the API to get the beaerer token in response
$response = Invoke-RestMethod -Uri $tokenURI -Headers $tokenHeader -Body $tokenBody -Method Post
#Extract the bearer token from response
$AccessToken = $response.access_token
#Prepare header for Graph API call
$headers = @{
‘Content-Type’ = ‘application/json’
‘Authorization’ = ‘Bearer ‘ + $AccessToken
}
#Prepare body for Graph API Call, Essentially this will update the contributionToContentDiscoveryDisabled property to true, disabling Delve
$body = @{
"contributionToContentDiscoveryDisabled" = $true
} | ConvertTo-Json
#Get the users from CSV. Note that the CSV path in this case will be the directory from where PowerShell is being run
$allUsers = Import-Csv -Path DisabledDelveUsers.csv
#Call the Graph API for each user in CSV
foreach($user in $allUsers)
{
#Read the UPN Field from CSV
$UPN = $user.UPN
#Prepare the URI for selected user
$uri = "https://graph.microsoft.com/v1.0/users/$UPN/settings"
#Call the API to Update the property
Invoke-RestMethod -Uri $uri -Headers $headers -Body $body -Method Patch
}
[/code]
And that’s it. If everything goes well, you can verify from Delve that you can’t see documents from those users anymore from within Delve.
Create a CSV File
In most cases, you would have more than one user for whom Delve needs to be disabled. Even though, you can type in those names directly in PowerShell as well, it might be a better idea to keep those names in a separate CSV file.
This is how my CSV file looks like – list of Users’ UPN
Azure AD App CSV
Our PowerShell will read through this CSV and Disable Delve for these users.
Script
And Finally the PowerShell script itself
[code]
#Set some variables, Ensure to change them as per your environment
$tenantId = "Tenant ID copied from the registered App"
$clientId = "Client ID copied from the registered App"
#Very important to notice, if there are any $ characters in the generated client secret, those must be pre-fixed with a escape (`) character
$clientSecret = "Client Secret copied from the registered app"
#No need to change these
$scope = "https://graph.microsoft.com/.default"
$tokenURI = "https://login.microsoftonline.com/$tenantId/oauth2/v2.0/token"
$tokenHeader = @{
‘Content-Type’ = ‘application/x-www-form-urlencoded’
}
#Notice, body should NOT be converted to JSON format
$tokenBody = @{
‘client_id’=$clientId
‘scope’=$scope
‘client_secret’= $clientSecret
‘grant_type’=’client_credentials’
}
#Call the API to get the beaerer token in response
$response = Invoke-RestMethod -Uri $tokenURI -Headers $tokenHeader -Body $tokenBody -Method Post
#Extract the bearer token from response
$AccessToken = $response.access_token
#Prepare header for Graph API call
$headers = @{
‘Content-Type’ = ‘application/json’
‘Authorization’ = ‘Bearer ‘ + $AccessToken
}
#Prepare body for Graph API Call, Essentially this will update the contributionToContentDiscoveryDisabled property to true, disabling Delve
$body = @{
"contributionToContentDiscoveryDisabled" = $true
} | ConvertTo-Json
#Get the users from CSV. Note that the CSV path in this case will be the directory from where PowerShell is being run
$allUsers = Import-Csv -Path DisabledDelveUsers.csv
#Call the Graph API for each user in CSV
foreach($user in $allUsers)
{
#Read the UPN Field from CSV
$UPN = $user.UPN
#Prepare the URI for selected user
$uri = "https://graph.microsoft.com/v1.0/users/$UPN/settings"
#Call the API to Update the property
Invoke-RestMethod -Uri $uri -Headers $headers -Body $body -Method Patch
}
[/code]
And that’s it. If everything goes well, you can verify from Delve that you can’t see documents from those users anymore from within Delve.