Home

Understanding security and privacy of Delve and intelligent experiences in Office 365

Microsoft

Understanding security and privacy of Delve and intelligent experiences in Office 365

[ Edited ]

Within Office 365, Delve is an intelligent service aimed at helping users stay in the know – to discover new, relevant information and people based on who they work with and the content they work on. Delve proactively discovers content across Office 365 and connects users to content and people, intuitively and in a personalized fashion. Powered by the Microsoft Graph, Delve brings you information from across Office 365 – OneDrive for Business, SharePoint Online, Exchange Online, Yammer, Office 365 Video and more. Delve will only show you content that you have access to—it always respects the permissions and security policies of that content.

 

We want to provide insight and clarity for the security and privacy that comes with, and backs, Delve in Office 365. And to be clear about what role the Microsoft Graph plays, examples of how it is used in Delve and throughout Office 365.

Security and Privacy

Delve is covered under the Office 365 Trust Center and meets all of the requirements of our highest level of compliance which Microsoft refers to as “Tier D” compliance, e.g., ISO 27001 and 27018 certification, SOC 1 and SOC 2 compliance. Delve is also licensed under the Microsoft Standard Online Services Terms which include commitments such as the EU Model Clauses. This, too, applies to the Microsoft Graph - the underlying intelligence service that uses advanced analytics to provide relevant, personalized insights via Delve and other user interface experiences throughout Office 365. You can read more within the public “Office 365 Compliance Framework for Industry Standards and Regulations" document (.pdf).

 

Customers own their Microsoft Graph data, which is stored in their partition of Office 365. The Microsoft Graph data has the same protection and security as other customer data stored in other Office 365 services.

 

Delve never changes any permissions on content or other information. Users only discover what they already have permission to see. Only you can see your private documents in Delve, unless you decide and act to share them. It is important content owners establish and maintain any required or desired access rights and permissions on the content/documents themselves. Documents are not stored in Delve, but rather they are only displayed within the Delve experience from where they are stored, for example OneDrive for Business or a SharePoint Online document library. People can't see each other's private activities, such as what documents they've read, what emails they've sent and received, or what Skype for Business conversations they've been in. People can see when others modify a document, but only if they have access to the same document. What you see when you open Delve is personalized to you, and no one else sees the same files, content, and activity you do.

 

It is possible to opt out of Delve at both the tenant level and the user level. Once opted out, users will not see the Delve tile in the Office 365 app launcher. Opted out users’ document activity (documents they are accessing) is no longer used to help others discover their content. Additionally, various services that surface content and recommendations from the Microsoft Graph to provide intelligence throughout Office 365 will simply not appear. They, too, may revert to previous non-Graph-based methods -- for example, search-based vs graph-based. One example, if you opt out, you would not see the new "Discover" tab within OneDrive for Business - yet the core of OneDrive for Business remains intact.

 

To learn more, please review these two important Delve security and privacy support articles; the first for admins and second for users: "Office Delve for Office 365 admins", "Are my documents safe in Office Delve?". Additionally, it is important to understand permissions levels in SharePoint and other content repositories; examine existing permissions if you perceive any unintended exposure.

The Microsoft Graph – supporting the business user and the developer

The content, activity, people, and recommendations that surface in Delve and other intelligent experiences are powered by Microsoft Graph. The Microsoft Graph represents a collection of content and people, and the activity that happens across the entire Office suite. From email, social conversations, and meetings, to documents in SharePoint and OneDrive, the Microsoft Graph maps the relationships among people and information, and acts as the foundation for intelligent experiences, providing more relevant and personalized experience to each user. The Microsoft Graph uses sophisticated machine learning techniques to connect people to the relevant content, conversations and people around them. 

 

Delve_security-and-privacy_image-001.png

A visual representation of the various content sources and signal Delve and the Microsoft Graph leverage to help make discovery or relevant content and people possible.

 

Review which types of content you can expect to see in Delve. And learn more about the Microsoft Graph.

Intelligence beyond Delve, throughout Office 365 and beyond

The value of infusing intelligence within Delve, and throughout Office 365 applications, means you have access to intelligent information and insights right where you are working without leaving the app or experience where you are working. You’ll see intelligence in OneDrive for Business in the form of the Discover tab where you’ll find others’ files related to what you are working on. The home page of a SharePoint team site surfaces activities in the site, the SharePoint mobile app and the SharePoint home in Office 365 suggest sites of possible interest and recent activity, plus Outlook’s Focused Inbox, where the Graph helps identify and eliminate clutter in your email stream.

 

 

Delve_security-and-privacy_image-002.png

 

Screenshots on web and mobile where the value of intelligence from the Microsoft Graph surfaces throughout the various Office 365 workloads.

 

The effect of opting-out of Delve will reduce the intelligence and discovery experiences in Office 365. It is our recommendation to not opt out.

 

It is also possible to program your own custom solutions for any device with the intelligence from the Microsoft Graph. Developers leverage a single end point that provides access to a common set of simple, modern APIs. Using the Microsoft Graph API, developers can consume Office 365 data in their apps to create custom, personalized experiences for their users. You can learn more about developing with the Microsoft Graph at https://graph.microsoft.io. And the same data access security and privacy model, as articulated above, remains with custom applications that use the Microsoft Graph API. Custom applications querying the Microsoft Graph do so under the security context of the user and will only return content to which the user has been given permissions.

 

Delve and intelligence customer evidence

As you move from learning about Delve and the Microsoft Graph, into how you and your company can best introduce the value and capabilities to your users, it’s helpful to review how other companies chose to move forward, helping them to overcome a variety of challenges facing them. Below are two recent examples of companies that committed to putting Delve and the Microsoft Graph to use in production, into their evolving digital workplaces.

 

Marks & Spencer | M&S is a global, multichannel retailer with more than 1,330 stores selling innovative food and quality clothing to people living in many different cultures. They wanted to find a way to unite the company. To promote unity, they sought the right technology tools to support a new business culture— one that is modern, agile, connected and collaborative—that’s defined by a digital mindset across a single global company.

 

Alongside their company portal, serving 80,000 employees, Delve provides intelligent people discovery. “We plugged Delve into our company directory, so employees can look for individuals and see their managers and who they work with. We view Delve as a quick and easy way to find current data to keep us moving at a fast pace in this fast-paced business.” says Carl Dawson, IT Director.

 

Please review the full Marks & Spencer case study + video.

 

Weleda | Based in Arlesheim, Switzerland, Weleda has offices and partnerships in more than 50 countries. They needed to connect employees to the relevant content, conversations, and people around them. By “embedding Delve-like functionality into our intranet, it helps employees stay better connected to the colleagues, information, and projects that mean the most to them,” says Vladimir Filev, Enterprise Architect. Weleda employees are using Microsoft Office 365 to work closely with colleagues worldwide, transforming an email-driven workplace into an inclusive, connected culture that promotes individual achievement to improve global productivity and drive innovation.

 

“Because Delve has such a great search engine,” Filev continues, “I’m able to keep track of contacts and files across multiple projects I’m involved with. In terms of personal time management, I find Delve very helpful.”

 

Please review the full Weleda case study.

Intelligence rests on trust

Microsoft is committed to security, privacy and compliance. Your data is your data – and it is you who has control of who can see it and who can access it. Through transparent service operations, we seek to gain and earn your trust every day. We are accountable to you.

 

Thanks for keeping us accountable,

Mark

Additional related resources

  • BLOGS

 

 Delve_security-and-privacy_image-003.png

 

 

Delve_security-and-privacy_image-004.png

 

 

See more conversations labeled with:

9 Replies

Re: Understanding security and privacy of Delve and intelligent experiences in Office 365

great post thanks!

Re: Understanding security and privacy of Delve and intelligent experiences in Office 365

Great post @Mark Kashman ! The "Intelligence beyond Delve, throughout Office 365 and beyond" section was great additional information for me.

 

p.s. the link "understand permissions levels in SharePoint" references an URL on my Microsoft OneDrive, which is not accessible for people outside your organisation.

Re: Understanding security and privacy of Delve and intelligent experiences in Office 365

Thx, Harold. And I fixed my link copy/paste error; target is: https://support.office.com/en-us/article/Understanding-permission-levels-in-SharePoint-87ecbb0e-6550... -- and now adjusted.

Re: Understanding security and privacy of Delve and intelligent experiences in Office 365

Great post, @Mark Kashman.  Thanks for the insight and update on Delve's compliance maturity.  I have check the January 2017 version of the OST, and Delve is not presently listed with Data Protection Terms - is expected to be added in February? Or perhaps later?  Do you have any visiobility here? - Thanks.

Re: Understanding security and privacy of Delve and intelligent experiences in Office 365

My orgs change management board refuses to turn this on without being able to test first. We need a way to turn on for only certain users, even if that is turning on for the tenant then disabling for everyone in the org except IT. Can the Off for Documents be manipulated for a user via powershell??

 

@Mark Kashman

Re: Understanding security and privacy of Delve and intelligent experiences in Office 365

Hi Robert. Give this a review and see if it  helps. The team is Oslo is reviewing how to enable this more from within our UI or starardizing via PowerShell; but the below has been performed a number of times with success for pilot purposes...

 

How to setup a Delve pilot by having Delve/Graph on, and then programmatically opt-in a subset of users during a pilot/trial phase; via the User Profile property. External blog post with CSOM examples, by Nicki Borell (b-nibore@microsoft.com): http://www.sharepointtalk.net/2016/11/opt-in-as-default-for-delve_40.html?m=1

Re: Understanding security and privacy of Delve and intelligent experiences in Office 365

Looking into this with our UA team as well; thought it already in there...

Re: Understanding security and privacy of Delve and intelligent experiences in Office 365

Brillian Post Mark, very very informative

Re: Understanding security and privacy of Delve and intelligent experiences in Office 365

Here some additional insides also about the myth of the People suggestion in Delve: http://www.sharepointtalk.net/2017/03/delve-and-office-graph-inside-out-part.html