Exclude Users From Delve and SharePoint Online People Search
Published Mar 12 2018 12:10 PM 68.1K Views
Microsoft

In support, we receive requests from time to time for information on how-to configure SharePoint People search and Delve results so that specific users do not appear in search results. Many admins want to be able to do this without having to delete or move users to a non-synced OU. The best way to accomplish this is to make the following changes: In your On-premises AD:

  1. Set the profiles AD property msExchHideFromAddressLists to True or Yes
  2. Run a Sync (DirSync etc) which will in turn be synced to SPO(If the change is made in Exchange Online, it will not be synced to SharePoint Online). Hint: You may need to add/update the “MailNickName” attribute in on-prem AD for the msExchHideFromAddressLists  to sync.
  3. msExchHideFromAddressLists AD property contents are mapped to the UPA SPS-HideFromAddressLists

Note: Changing msExchHideFromAddressLists does not remove the user from the Organization view in Delve.

 

Once sync completes to UPA, there will be a profile incremental crawl that needs to complete so that the index has the managed property SPS-HideFromAddressLists. Delve automatically excludes or filter all profiles that have SPS-HideFromAddressLists managed property set to true so no additional changes/configurations need to be done for Delve. However, the SharePoint people search does not exclude these profiles automatically. The following configuration steps need to be performed to exclude these profiles from appearing in the SharePoint Online People search results:

  1. Go to enterprise search people results page: https://contoso.sharepoint.com/search/Pages/peopleresults.aspx
  2. Edit Search Results page
  3. Edit People Results Web Part
  4. Change query
  5. Change Query Text from {searchboxquery} to {searchboxquery} -"SPS-HideFromAddressLists":1

NOTE: because of the dash in the managed property name, the managed property SPS-HideFromAddressLists needs to be enclosed in "" (make sure that you are using the correct "" and - otherwise your search results will be incorrect)

  1. Apply changes to the Search results Web Part
  2. Check-in changes to the Page
  3. Publish changes

NOTE: If you have any customization that use the Local People Results, similar changes needs to be implemented to automatically exclude all profiles configured -"SPS-HideFromAddressLists":1 to be excluded from there as well.

 

Remove the user from the Organization view in Delve:

  1. Find the user that you no longer want to show up in the Organization view in on-premises AD.
  2. Remove the manager value for the user. You will also need to update or change another synced field at the same time for the null value to be successfully synced. Examples of fields used include:  'MailNickName', 'Birthday', etc.   
  3. Run a Sync.

 

Known limitations:

  1. This process does not work for cloud accounts.
  2. If you want the user to be returned in search you will need to change the msExchHideFromAddressLists value to false or no. If the value is only set to null in most cases it will not be synced down to SharePoint Profile and will continue to be removed from search.
  3. Changing msExchHideFromAddressLists does not remove the user from the Organization view in Delve.

 

23 Comments
Steel Contributor

Is there a powershell script to find all places in sharepoint online the search results web part has been added? That's probably a tougher nut to crack, @Tania Menice

Copper Contributor

Hi,
because of the hint: "This process does not work for cloud accounts.", I have the question if there is a solution for cloud accounts?

Obviously there is for those users, who should no longer be displayed in Delve or in search-results, only the deletion or did someone else has another good idea?

Warm regards


@Tania Menice wrote:

...

Known limitations:

  1. This process does not work for cloud accounts.
  2. If you want the user to be returned in search you will need to change the msExchHideFromAddressLists value to false or no. If the value is only set to null in most cases it will not be synced down to SharePoint Profile and will continue to be removed from search.
  3. Changing msExchHideFromAddressLists does not remove the user from the Organization view in Delve.


Andreas

Brass Contributor

Hello,

is this article still actual? We are trying to implement that but it does not look to work.

Copper Contributor

Hello,

 

I tried to do this on Delve and HideFromAddress, but It didn't work.

I need to hide some accounts on Delve, but I can't exclude this accounts from Office365, because I need to preserve the mailbox.

 

Brass Contributor

@Milena Mocci, we are in discussion with MSFT and we have an incident open with them, to make this procedure working.

Main issue is that this could take weeks or months.

The more customers will raise this issue and probably resolution speed will increase :)

Microsoft

@Curzio Scuffi Yes it still works for hiding users from SharePoint People Search (classic experience), I helped a customer through the process a few weeks ago.  It is still limited to only synced users (not cloud only accounts). I checked with the Delve team and there are some updates that are occurring within Delve that could result in the users being returned in search. I am planning on updating the blog to reflect that. 

Copper Contributor

Showing in Delve

Copper Contributor

Can Someone help me to Disable some SharePoint User Profiles to sync from Azure AD
Those users licenses are removed and accounts are disabled(Not completely deleted).
We want store their mailbox and One Drive.

Brass Contributor

Hi all does this work if you are using the modern search experience?

 

Thanks,

 

-Max

Microsoft

@Max Goss  - This is done automatically in the Modern search experience. All of the following are excluded people properties in the modern people search : {?{searchTerms} (-"sps-usertype":1 AND -"sps-hidefromaddresslists":1 AND -"sps-recipienttypedetails"=4 AND -"sps-recipienttypedetails"=16 AND -"sps-recipienttypedetails"=32 AND -"sps-recipienttypedetails"=8589934592 AND -"sps-recipienttypedetails"=17179869184 AND -"sps-recipienttypedetails"=34359738368 AND -"sps-recipienttypedetails"=2199023255552) ContentClass=urn:content-class:SPSPeople}

 

This is discussed in the following: https://techcommunity.microsoft.com/t5/SharePoint-Support-Blog/Improved-Filtering-of-People-Search-R...

Brass Contributor

@Tania Menice- this logic seems to apply to Delve, but it does not apply if you do a search in Portal.office.com or an organisational search in a Modern SharePoint site. If I search Delve for my guest account, it does not find it as you note. However, if I do the same search from portal.office.com it will find my guest account.

 

The instructions above talk about manually adding the "sps-hidefromaddresslists":1 to the People Results source at the SharePoint root. I found that this property was only considered by modern searches once I had done this. Do I need to do the same thing for "sps-usertype":1 if I do not want modern SharePoint People Search to return guest users?

Thanks, 

-Max

Copper Contributor

@Tania Menice  any update on removing former employees (cloud only users) from Delve ?

Copper Contributor

Can someone please help.
Once I get to the step 2 > Go to enterprise search people results page: https://contoso.sharepoint.com/search/Pages/peopleresults.aspx
I get this :

 

photo.PNG

I'm not sure how to reach next steps:

  • Edit Search Results page
  • Edit People Results Web Part
  • Change query
  • Change Query Text from {searchboxquery} to {searchboxquery} -"SPS-HideFromAddressLists":1

 

Copper Contributor

This is done automatically in the Modern search experience. All of the following are excluded people properties in the modern people search : {?{searchTerms} (-"sps-usertype":1 AND -"sps-hidefromaddresslists":1 AND -"sps-recipienttypedetails"=4 AND -"sps-recipienttypedetails"=16 AND -"sps-recipienttypedetails"=32 AND -"sps-recipienttypedetails"=8589934592 AND -"sps-recipienttypedetails"=17179869184 AND -"sps-recipienttypedetails"=34359738368 AND -"sps-recipienttypedetails"=2199023255552) ContentClass=urn:content-class:SPSPeople}

 

Anyone else finding this not to be the case? With the SPS-HideFromAddressLists set to true my users are automatically excluded from Delve, but the Modern SharePoint people search is still returning them, with no way to tweak the query in order to exclude them. 

I asked a question on the Q&A section and am awaiting a solution there 

Anybody out there manage to get this working?

Copper Contributor

Digging a bit further and trying some searching manually I find that using -"sps-hidefromaddresslists":1 does not exclude my users who have got SPS-HideFromAddressList set to true, but using "sps-hidefromaddresslists":0 does. Is this to do with some sort of mixup of datatypes during the AD sync or SharePoint search crawl/result retrieval process? These two options should be logically equivalent. Is Delve doing one and SharePoint Modern People Search doing the other?

Copper Contributor

I recently opened a premier case to get updated information on these topics and this is the response I got: 

********

....

Microsoft does not provide any out of the box options to remove users from Search results. The article that you referencing is a workaround provided by one of our escalation engineers in the past.

 

Please refer the below information:

 

Q] We would like confirmation that the below process (outlined in https://techcommunity.microsoft.com/t5/SharePoint-Support-Blog/Exclude-Users-From-Delve-and-SharePoi...) is supported by Microsoft.

  • The process of excluding users from Delve and SharePoint Online People Search specified in the above article was a workaround suggested keeping the old classic search in mind.
  • This is no longer working as modern search is not customizable. 
  • Please note the approach taken in this article does not remove the People from search results but the query specified in the Search Result Web Part simply hides People while displaying in the search results.
  • Please note: https://contoso.sharepoint.com/search/Pages/peopleresults.aspx People results page in SharePoint Online is deprecated, therefore the changes might have to done on results.aspx page.

...

Q] How can we similarly exclude cloud accounts?

  • Unfortunately, this is not possible. We are not aware of any workarounds for the same.

Even if somehow you would be able to hide the users from classic search, they would still appear in modern search / Microsoft Search.  I checked and confirmed this with our escalation team.

...

*******

The case has already been closed but I wish I would have asked about the statement "This is no longer working as modern search is not customizable. "  I mean, it never was customizable but apparently the default query did  exclude msExchHideFromAddressLists at some point in the past, so why did that change? Also, a curious finding from Matthew Lamb and one which I'll certainly test but be hesitant to leverage until we get clarification from Microsoft.

 

Copper Contributor

I've confirmed that when msExchHideFromAddressLists is set to TRUE, the SPS-HideFromAddressLists UPS property is also set to TRUE. However, as @Matthew Lamb noted, using the query "SPS-HideFromAddressLists":1 in classic search doesn't work, but  "SPS-HideFromAddressLists":0 does work. Huh?!! Why?! This would explain why the default Microsoft search query no longer works as expected. @Tania Menice , any insight on this all these years later?

 

Update: I was using the PnP search web parts for modern and realized that the filter is a *refinement* filter...meaning specify what you want keep, not what you want to get rid of. So SPS-HideFromAddressLists":0 works because we want to display accounts where SPS-HideFromAddressLists = False. Whereas the query used (at least at one time) for Microsoft Search filters out what is NOT wanted (i.e., "SPS-HideFromAddressLists":1), and that is what is not working anymore.

Microsoft

@jmuehlenbein  - there have been some changes recently that I believe that are contributing to this behavior. I'm in the process of digging into this a bit more and will let you know if there are plans to address this long term. 

Copper Contributor

@Tania Menice any update on this? we have multiple accounts for some users and admin accounts, but they're all under a different license. Is there a way to edit the query to only show users with a specific license such as the E3 license?

Brass Contributor

Any update on this we are experiencing the same issue.

Copper Contributor

@rmctague your question, what users have what license, can be answered from the Azure users overview.
If you want this to become visible in People search you could consider adding a custom property to user profiles, e.g. read this blog article: https://vitextra.com/en/support/kb/how-to-create-searchable-user-profile-property

Copper Contributor

A special use case is when more domains share the same tenant. In a staged Merger and Acquisition business scenarion for example.

Would welcome some hide in search option for a selected set of users.
Given the possibility to extend user profiles with custom properties and set the SharePoint search scope this could be achieved with customization. But not sure if this will work in all areas where people can be searched, like in adding members to Teams etc. as there a direct Microsoft Graph query most likely is executed?

Brass Contributor

Setting “ShowInAddressList” Azure AD User object property to “false” is the most effective way to hide an account from Microsoft 365 modern search and org structure.
Exchange Online property "HiddenFromAddressListsEnabled" and SharePoint User Profile property "SPS-HideFromAddressLists" are synchronized with “ShowInAddressList” Azure AD User object property .

Here is my research: Hide User Accounts from Microsoft 365 People Search (for real)

Co-Authors
Version history
Last update:
‎Apr 30 2021 12:41 PM
Updated by: