Sonntag, 29. August 2021

My Analytics, Workplace Analytics & Delve - or from the backend perspective Office Graph & Microsoft Graph

The analytics features in Microsoft 365 remain a sensitive topic for works councils and data privacy officers. This article describes the options currently available to customize these apps.

Overview and history of Office Graph & Microsoft Graph

At the time of its initial release in 2014, Office Graph was the backend for Delve, among other things. The Office Graph has since evolved and the Microsoft Graph was joined. To provide a coherent Microsoft Graph schema, Microsoft introduced an itemInsights entity that inherits all the properties of the existing officeGraphInsights resource. Currently, for backward compatibility reasons, the officeGraphInsights entity is still available. Generally, the "insights" generated by the Microsoft Graph can be disabled for the entire tenant or per Azure AD group in the Admin Center:

More details about this and the options with PowerShell / API are described in this Microsoft article: Customizing item insights privacy in Microsoft Graph. Currently, August 2021, the options described in the article are still in "Preview" status.

The apps My Analytics, Workplace Analytics & Delve

All three apps aggregate and analyze users' actions in Microsoft 365 to give individual users a system-wide view of what's happening in Microsoft 365.
Delve: The Delve app mines all documents that a user is actively working on and attempts to analyze correlations between their own work and that of other users. The goal is to show users correlations and common work areas with other users. The following always is true:
  • Security by Design. Everyone only sees what they have access to.
  • Private signals can only be seen by the person himself, e.g. which content might be interesting for him. This cannot be impersonated in the sense of: please show me what is interesting for John Doe.
  • Public Signals only show what can also be found in other ways, e.g. via search.
Delve can be customized by each user: The "Show Documents in Delve" setting is available at the following link: 
If a user deactivates this function, however, his signals are still collected by the Office Graph / Microsoft Graph and are available to other users who also have access to the affected documents. Only the user himself will not see any reports about the documents he is working on or has access to after deactivation.

The Office Graph / Microsoft Graph also creates the overview and reports for the user under and in apps like Outlook or Microsoft Teams. The following functions / customizations are available here:
  • Meeting Insights: When a user calls up an appointment in their calendar, Outlook displays other content relevant to that appointment. This can include mails and files in the mailbox, files from OneDrive or SharePoint for which the user has at least read permission. Meeting Insights can currently only be switched on or off for the entire tenant.
  • Item Insights: This feature creates recommendations based on user interaction/common tasks in Microsoft 365. These recommendations can include documents or other types of content and are displayed in People Cards (Contacts), Delve,, and other locations. Item Insights can be turned on or off per Azure AD group.
The Office Graph can also be disabled completely, as described here: Control access to Delve. This will then affect many other features such as:
  • SharePoint Home
  • SharePoint Activities
  • OneDrive Suggestions
  • Copy / Pats Functions
  • etc.
My Analytics: My Analytics creates an overview of the complete working day and provides reports on how long the user has spent on mails, meetings and other things. The My Analytics function can be controlled via the license. If a user is not assigned the license for this app, the function is not available.
My Analytics, like the Delve app, cannot be impersonated and reports are only available to the individual user to view
The My Analytics app can also be configured per user:
The following applies here:
  • If the app as a whole is deactivated, the user will no longer be able to access his dashboards in My Analytics. The Insights Outlook add-ins are then also no longer available.
  • Inline suggestions and weekly digests will no longer be generated.
  • Email activity will no longer be included in the count for other users' email open rates.
Workplace Analytics: In Workplace Analytics, data from daily work in Microsoft 365 is used to identify patterns. Data protection is considered here by default, by only presenting data anonymized and aggregated at the group level.
The Workplace Analytics function can also be controlled via the license. If a user is not assigned the license for this app, his data will not be collected and analyzed. Workplace Analytics can currently only be licensed via an EA. For details, see: Requirements for Workplace Analytics

Workplace Analytics offers the following options for configuration:
  • Sources: Administrators and analysts use these to verify that Microsoft 365 and organizational data has been uploaded correctly to Workplace Analytics.
  • Upload: Administrators use this to prepare and upload organization and customer data.
  • Administrator Settings: Administrators use this to configure system default settings, privacy settings, and manager settings.
  • Analytics Settings: Analysts use this to customize meeting exclusion rules that help ensure data accuracy.

By the way: The Viva Insights feature also uses data from the Microsoft Graph, combines it with its AI and creates the corresponding dashboard. The apps My Analytics and Viva Insights will be merged in the future:

Keine Kommentare:

Kommentar veröffentlichen