The usage reports available in the Microsoft 365 admin center, Teams admin center, and other places now include anonymized user information by default. The new default became active on September 1, 2021 and the organization setting applies to any usage data generated by the Microsoft Graph usage reports API, which means that some scripts might create reports less interesting and useful than before. It’s a good change for privacy, but will organizations persist with the new default?
Microsoft has replaced the controls which disabled document insights in Delve with new Graph-based settings. However, you might still have a bunch of users with the Delve settings who need to migrate to the Graph settings. In this article, we explore how the settings work and how to query the Graph to find the set of users who disabled the setting in Delve. We can then use PowerShell to add those accounts to the group of disabled insights users for the Graph-based settings.
Many PowerShell scripts which access Office 365 data could do with a speed boost. Replacing cmdlets with Microsoft Graph API calls is one way to get extra speed. In this article, we take a PowerShell script to report the memberships users have of Microsoft 365 groups and replace some important cmdlets with Graph API calls. The result is a big speed increase.
The preview of a new app governance add-on for Microsoft Client App Security gives Office 365 administrators insight into Graph-based apps. The add-on depends on information gathered from Azure AD and MCAS to generate insights about apps and their usage, including highlighting apps which are overprivileged or highly privileged. Although you can do some of the auditing yourself, the add-on makes it easier. It’s a preview, so some glitches are present.
The latest update for the Teams admin center includes the ability to manage the permissions used by third-party apps to access data via the Microsoft Graph. The updates also include the ability to manage resource specific consent (RSC) for Teams apps. While third-party apps ate the obvious target, LOB apps created by tenants are managed in the same way.
The Active Directory schema includes a drink attribute. This didn’t make the transition to Azure AD, but you can use one of the custom attributes to make drink show up on Microsoft 365 profile cards. This might not seem like a good use of your time, but it’s actually an illustration of how to put the Microsoft Graph Explorer tool to good use.
PowerShell hash tables are very efficient at retrieving data, which is just what’s needed when thousands of Office 365 accounts need processing. Our script to analyze usage data extracted from the Microsoft Graph was turbo-charged when we replaced list objects with hash tables, all of which makes it much easier to identify underused Office 365 accounts and save some money on licensing spend.
A preview of a new migration API for Teams is with ISVs. The API is to migrate data from other chat platforms (Slack is the obvious target) to Teams. There’s still no news about solid APIs for tenant to tenant migration or backup and restore for Teams. Microsoft is really interested in moving people off competitor platforms to Teams. It seems they are less interested in doing some of the heavy lifting involved in tenant management and restructuring.
The Microsoft Graph collects huge amounts of signals about Office 365 user activity. Some of that data is used to generate insights into information that might be interesting to users. You can already disable insights in Delve, and now Microsoft allows you to disable insights elsewhere in Office 365. The downside is you’ve got to patch the Graph organization settings to limit insights, and that might just be outside the ability of the average tenant administrator. Unless they use the Graph Explorer to do the job.
Microsoft announced that Office 365 tenants can customize the user profile card, which is nice. The only thing is that an update to the Microsoft Graph is done to apply the customization. Most tenant administrations probably aren’t literate with Graph programming, so that presents a problem. Until you realize that the Graph Explorer can be used to do the job without you needing to write a single line of code.
It’s easy to retrieve storage data for SharePoint Online sites with PowerShell, but it’s faster with the Graph. Some disadvantages do exist, but it’s nice to have a choice. TheGraph is faster, especially with large tenants, but the SharePoint Online PowerShell cmdlets can deliver more data.
The Microsoft Graph gives programmers a RESTful interface to Office 365 data. Flow allows even non-programmers to automate tasks by combining building blocks of Office 365 data and actions. Put the two together and you can generate some impressive results. In this example, we combine Graph and Flow to create some nagging emails to admins to encourage them to improve the tenant’s Secure Score.