How to Control the Display of People Insights in Microsoft 365

Posted on by Tony Redmond

Item, Meeting, and People Insights Derived from User Signals

In August 2020, I wrote about how to control item insights using the Graph Explorer. Item insights are one of the three insights generated from Graph signals gathered from user activity and displayed in various places within Microsoft 365:

  • Item insights: Recommendations about documents available to a user which they might be interested in. This information shows up in the profile card in the “Files” section.
  • Meeting insights: When users open a meeting in their calendars, Outlook displays insights relevant to the meeting, such as documents and email covering the content of the meeting.
  • People insights: Information about people deemed to be relevant to an individual and who have a “public relationship” with that individual. For example, they have the same manager (as noted in Azure AD) or share a common membership of a public group or distribution list with fewer than 30 members. People insights show up on the profile card in the “works with” section, with the people who appear ranked in order of the public and private communications (direct email or meetings rather than group-based communications) between the listed individuals and the owner of the profile card.

Item and meeting insights are configurable through the Search & Intelligence section of Settings in the Microsoft 365 admin center (Figure 1). Both can be enabled or disabled, and item insights can be disabled for a set of users defined as members of a group.

Search and Intelligence options in the Microsoft 365 admin center
Figure 1: Search and Intelligence options in the Microsoft 365 admin center

Recently, Microsoft added the ability to customize people insights, but only by running a Graph query. No doubt the necessary GUI will soon appear in the Microsoft 365 admin center.

The Need for User Privacy

In most cases, insights are useful. Looking at the list presented in the people card (Figure 2), users probably don’t realize how the Graph determines who appears in the list and what a public relationship is versus a private relationship. All they see is a set of individuals who the owner of the profile card “works with.”

People insights in the user profile card
Figure 2: People insights in the user profile card

However, in places where personal privacy is taken more seriously than in more liberal regimes, exposing the list of people that someone works with could be considered a breach of that person’s privacy. Although the list is based on public relationships that anyone can see by checking the membership of the relevant groups, it’s still too much for some.

Suppressing People Insights

To suppress people insights, a tenant can:

  • Disable people insights completely. No one in the tenant sees this data.
  • Disable people insights for a group of people. Everyone else sees the people insights.

For instance, if an organization decreed that the employees from a specific country should not see people insights, you could create a group (not a dynamic group) and add the relevant employees as members. The next step is to retrieve the identifier for the group and the tenant identifier, which is easily done by running the Get-AzureADGroup and Get-AzureADTenantDetail cmdlets:

Get-AzureADGroup -SearchString Disabled

ObjectId                             DisplayName           Description
--------                             -----------           -----------
c9758609-d33b-4eea-976b-d8e43a2ad135 DisabledGraphInsights Members of this group do not have graph insights

Get-AzureADTenantDetail

ObjectId                             DisplayName             VerifiedDomain
--------                             -----------             --------------
d662313f-14fc-43a2-9a5a-d2e27f4f3476 Office 365 for IT Pros  Office365itpros.com

Given that the Azure AD module is due for deprecation in late 2022, you should consider using the Microsoft Graph PowerShell SDK cmdlets:

Get-MgGroup -Filter "startsWith(displayname, 'Disabled')"

Id                                   DisplayName           Description                                       GroupTypes
--                                   -----------           -----------                                       ----------
c9758609-d33b-4eea-976b-d8e43a2ad135 DisabledGraphInsights Members of this group do not have graph insights  {Unified}

Get-MgOrganization | Select Id, DisplayName

Id                                   DisplayName
--                                   -----------
d662313f-14fc-43a2-9a7a-d2e27f4f3478 Office 365 for IT Pros

With the two identifiers, we can go to the Graph Explorer and update the Insight settings control for people insights. This is done by running a Graph patch query to:

https://graph.microsoft.com/beta/organization/d662313f-14fc-43a2-9a5a-d2e27f4f3476/ settings/peopleInsights

The query includes a request body containing the identifier of the group holding the set of users to exclude from people insights:

{
  "disabledForGroup": " c9758609-d33b-4eea-976b-d8e43a2ad135"
}

Figure 3 shows the Graph Explorer after running the patch query. The response (200) means that the Graph accepted the command, and the response preview shows the current configuration for people insights in the tenant. Here we can see that people insights are enabled (isEnabledInOrganization is True) and that a group of excluded users exists.

Using the Graph Explorer to control People Insights
Figure 3: Using the Graph Explorer to control People Insights

No More People Insights

After updating the organization setting, it can take up to 24 hours before its effect is noticed in profile cards. Figure 4 shows the result. The organization data is present, but the people insights are absent for any user who’s a member of the excluded group.

The user profile card without People Insights
Figure 4: The user profile card without People Insights

Controlling people insights is an easy thing to do. If you have some users who object to this information being available to others, it will take less than five minutes to create the excluded group and update the organization settings. Add a few extra minutes to populate the group, and then it’s just a matter of waiting for the update to percolate to applications.

So much change, all the time. It’s a challenge to stay abreast of all the updates Microsoft makes across Office 365. Subscribe to the Office 365 for IT Pros eBook to receive monthly insights into what happens, why it happens, and what new features and capabilities mean for your tenant.

7 Replies to “How to Control the Display of People Insights in Microsoft 365”

  1. Pingback: How to Control the Display of People Insights in Microsoft 365 – blog by @12Knocksinna – 365forall

  2. Hi Tony, great blog post, thank you! We have a customer waiting for this feature. During our first tests, we were struggeling to get the needed API permissions. We tried “User.Read.All”,”User.ReadWrite.All”,”Organization.ReadWrite.All”,”People.Read.All” – but it seems not to be sufficient. Do you remember which API permissions are needed to access /settings/peopleInsights? Kind regards, Jens

    Reply

  3. Great article, thanks for sharing. Do you know if there is way to hide specific users from the organization chart? This way their managers (or subordinates) would not be visible? We would like to have such feature, applied to an AD group, for example. Or even checking any customized attribute.

    Reply

    1. I don’t believe you can hide someone except by not including their organization details in AAD (for example, not assigning them a manager or any direct reports).

      Reply

  4. Hi Tony, when you wrote turn it off at the tenant, was that via the UI on the insights page? I did this a few weeks ago to see what the out of the box behaviour was and I still see a populated ‘works with’ section. Thanks

    Reply

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.