Introducing new privacy controls with the Microsoft Graph
Published Aug 04 2020 11:11 AM 21.7K Views

Privacy is a fundamental human right. “We are committed to providing products, information, and controls that let you choose how your data is collected and used.” Brad Smith, President & Chief Legal Officer




In May (skip below to read the announcement) we announced our plans to provide more granular privacy controls with the Microsoft Graph. 


The hundreds of millions of users of Microsoft 365 cloud services form part of the core of Microsoft Graph. The users' data is carefully managed, protected, and with proper authorization, made available by Microsoft Graph services to drive productivity and creativity in businesses. As ubiquitous the user's data is in Microsoft Graph, data derived from the user's social interactions is particularly interesting. It provides intelligent insights that can answer questions such as the following:

  • "Who should this user contact for information on this topic?"
  • "Which documents are most interesting to this person?"

For administrators who wish to enable granular control over where intelligent insights are available to their employees, these new controls provide you the ability to configure the visibility of Graph-derived insights, between users and other items in the Graph (such as documents or sites) across apps and services in Microsoft 365.  Learn more about Graph-based insights at


Learn more about how to configure the new Microsoft Graph privacy controls at




Announced in May 2020

The Microsoft Graph is the gateway to data and intelligence in Microsoft 365, providing a unified programmability model that you can use to access the tremendous amount of data in Microsoft 365, Windows 10, and Enterprise Mobility + Security.  Over the next several weeks we're excited to introduce new innovation to help you achieve more with Microsoft Graph capabilities.


In Microsoft 365 we’re committed to privacy and control – and we’re continuing to invest in those principals with new Microsoft Graph privacy controls of document-based insights.


Across Microsoft 365 applications and services, intelligence is pervasive – whether deep learning or reasoning across activities and relationships – intelligence in Microsoft 365 is designed to help its users achieve more… 


At the center of Microsoft 365 is content, such as documents, email messages, conversations, and more.  With the amount of data expected to double year over year, information overload is often a reality.  This is where the Microsoft Graph shines.  Time is something we can’t make more of, but we can make more with it.  Document-, email-, calendar-, and user- based insights help save time and boost productivity, helping employees make more of their time.


One of the first applications to deliver these rich insights was Office Delve, powered by the Office Graph – technology which calculated relationships between people and content from Exchange, OneDrive, SharePoint, and more. Along with the Office Graph and Delve, we also delivered shared set of privacy settings, which control both insights and Delve user experience.





As the Office Graph continued to evolve, it has become a more independent, mature, and powerful service, and a part of every Microsoft 365 experience, eventually evolving to the Microsoft Graph. Given this evolution, we’ve disjoined the privacy story for two independent pieces, providing the flexibility to fine-tune item in the Graph and Delve.


Today we’re pleased to announce a set of robust new privacy settings which provides you the ability to configure the visibility of Graph-derived insights, between users and other items in the Graph (such as documents or sites). This new setting will apply similar restrictions as the original Delve settings, but decoupled from Delve. This means that you can disable the Delve app through the existing controls, but allow other insights-based experiences such as Discover in OneDrive and Suggested Sites in SharePoint Home to still provide assistance.


For organizations that need to disable item insights for all its users, we are introducing a new "isEnabledInOrganization" parameter, which allows you to disable item insights across the entirety of your organization; however, if you only need to disable item insights for a subset of employees, we’re introducing an additional "disabledForGroup" setting - an ID of one security or O365 Azure AD group.


This new setting will allow security group administrators more flexible management options using the available tools in Azure Active Directory, disabling item insights for all members of select groups. Both parameters can be configured using new MSGraph methods.


While delivering these new privacy settings we’ll respect both the existing Delve settings and these new item-insights settings, applying the strictest of them. This means that during transition phase a user is considered as opted out if either the user was opt out by Delve controls or item insights settings.


As we continue to provide more granular privacy controls, we’ll also introduce new user level controls, to provide individuals control  over the visibility of their own item insights, unless otherwise specified by other admin-facing settings such as “isEnabledInOrganization” or “disabledForGroup”.  At the time of release, we will also support migration of pre-existing Delve settings into new user control.


Bookmark this article to keep up to date on our commitment to privacy via the Microsoft Graph.


1 Comment
Version history
Last update:
‎Aug 04 2020 11:11 AM
Updated by: