自定义 Microsoft Graph 中的项目见解隐私(预览版)Customizing item insights privacy in Microsoft Graph (preview)

项目见解隐私设置提供了在用户与 Microsoft 365 中其他项目(例如文档或站点)之间,对派生自 Microsoft Graph 见解的可见性进行配置的能力。Item insights privacy settings provide the ability to configure the visibility of insights derived from Microsoft Graph, between users and other items (such as documents or sites) in Microsoft 365. 可通过预先存在的控件禁用 Delve 应用,但允许其他基于见解的体验,以继续提供协助。You can disable the Delve app via the pre-existing controls, but allow other insights-based experiences to continue to provide assistance.

背景Background

2014 年首次发布时,Office Graph 是 Delve 的后端服务。At the time of first release in 2014, Office Graph was a backend service for Delve. 它们为 Office Graph 见解和 Delve 用户界面共享了一组数据保护控件。They shared a set of privacy controls over both the Office Graph insights and the Delve user experience. 此后,作为每个 Microsoft 365 体验和 Microsoft Graph 的一部分,Office Graph 不断发展并变得更加独立和强大。Office Graph has since evolved and become more independent and powerful, as part of every Microsoft 365 experience and of Microsoft Graph. 为了提供一致的 Microsoft Graph 架构,Microsoft引入了一个itemInsights实体,其继承了先前存在的 officeGraphInsights资源的所有属性,并保留了** officeGraphInsights**,以向后兼容。To offer a coherent Microsoft Graph schema, Microsoft introduced an itemInsights entity which inherits all the properties of the pre-existing officeGraphInsights resource, and has kept officeGraphInsights around for backward compatibility. itemInsights 的引入还使两个独立作品的隐私故事分离。The introduction of itemInsights also de-couples the privacy story for the two independent pieces.

虽然现有应用可以继续使用 officeGraphInsights,但这些应用应升级到 itemInsights,以获得在 Office Graph 和 Delve 中微调项目见解的灵活性。While existing apps could continue to use officeGraphInsights, these apps should upgrade to itemInsights to gain the flexibility to fine-tune item insights in Office Graph and Delve.

如何自定义项目见解?How to customize item insights?

默认情况下,将为组织启用项目见解。By default, item insights are enabled for an organization. 要为组织中的所有用户禁用项目见解,请将 isEnabledInOrganization 属性设置为 falseTo disable item insights for all users in the organization, set the isEnabledInOrganization property to false. 若要禁用 Azure AD 组中用户_子集_的项目见解,将 **disabledForGrou ** 属性设置为该组的 ID;了解有关创建群组并将用户添加为成员的详细信息。To disable item insights for a subset of users in an Azure AD group, set the disabledForGroup property to the ID of that group; find out more about creating a group and adding users as members.

这些设置为管理员提供了灵活性,使其可以使用 Azure AD 工具并仅对指定组的成员而不是整个组织禁用项目见解。These settings provide flexibility for administrators to use Azure AD tools and disable item insights for only members of the specified group and not necessarily across the organization. 通过在某个应用程序、PowerShell 或具有适当权限的其它应用中更新项目见解设置,配置每个属性。Configure each of these properties by updating item insights settings in an app, PowerShell, or other applications with due permissions.

注意,读取或更新这些设置需要_全局管理员角色_。Keep in mind that the global administrator role is required to read or update these settings.

可用配置Available configurations

通过相应更新 isEnabledInOrganizationdisabledForGroup 属性,配置组织中用户的项目见解设置。Configure item insights settings for users in an organization by updating the isEnabledInOrganization and disabledForGroup properties accordingly.

如何启用项目见解How item insights are enabled isEnabledInOrganizationisEnabledInOrganization disabledForGroupdisabledForGroup
整个组织(默认)Entire organization (default) true empty
组织用户子集禁用Disabled for a subset of users in the organization true 包含用户子集的 Azure AD 组 IDID of the Azure AD group which contains the subset of users
整个组织禁用Disabled for the entire organization false 忽略ignored

更新项目见解设置时,请记住以下几点:Keep the following in mind when updating item insights settings:

  • 项目见解隐私设置(itemInsightsSettings 资源)仅在 beta 终结点中可用。The item insights privacy settings (itemInsightsSettings resource) are available only in the beta endpoint.
  • 从 Azure 门户获取 Azure AD 组 ID,并确保该组存在,因为更新操作不会检查组是否存在。Get the ID of an Azure AD group from the Azure portal, and make sure the group exists, because the update operation does not check the existence of the group. disabledForGroup 中指定不存在的组_不会_禁用组织中任何用户的见解。Specifying a non-existent group in disabledForGroup does not disable insights for any users in the organization.
  • 更新设置最多可能需要 8 个小时才能应用到所有 Microsoft 365 体验中。Updating settings can take up to 8 hours to be applied across all Microsoft 365 experiences.
  • 无论项目见解设置如何,Delve 都会继续采用 Delve 租户和用户级别的隐私设置Regardless of item insights settings, Delve continues to respect Delve tenant and user level privacy settings.

UI 和 API 中的行为更改Behavior changes in UI and APIs

某些趋势已使用的见解可能会受到影响,如下所述。Some trending or used insights may be affected as described below. 随着时间推移,这些见解的范围和类型将得到扩展。Over time, the scope and types of these insights will be extended.

  • 对于禁用项目见解的用户,个人资料卡不会显示其使用过的文档。The profile card of a user who has disabled item insights does not show their used documents. 相同的限制适用于 Microsoft 必应搜索的配置文件结果,其中“最近文件”窗格为空。The same limitation applies to the profile result of Microsoft Search in Bing, where the Recent Files panel becomes empty. 此外,降低了首字母缩写词扩展搜索精度。Furthermore, the precision of acronym-expansion in search is reduced.

  • 在 Delve 中,禁用项目见解的用户将其文档隐藏。In Delve, a user who has disabled item insights has their documents hidden.

  • 禁用项目见解的任何用户的活动都将从组织范围的见解中删除。Any user who disables item insights has their activity removed from organization-wide analytics. 通常,此类分析会为用户的同事提供从 Outlook 到 OneDrive 和 SharePoint 的多种体验的辅助见解。Normally such analytics suggests assistive insights to the user's colleagues across a multitude of experiences, ranging from Outlook to OneDrive and SharePoint. 无论设置如何,分析始终是匿名的,但是当用户禁用见解时,该用户的活动将无法提高其他人的工作效率。The analytics is always anonymous regardless of settings, but when a user disables insights, the user's activity is excluded from improving the productivity of others.

  • 对于已禁用项目见解的用户,在 Microsoft Graph API 中查询趋势已使用资源将返回 HTTP 403 ForbiddenFor a user who has disabled item insights, querying the trending and used resources in Microsoft Graph API return HTTP 403 Forbidden.

过渡期Transition period

为了适应配置项目见解设置,到 2020年底,Microsoft 365 采用 Delve 设置和项目见解设置,并且如果两者有所不同,则将两者严格化。To accommodate configuring item insights settings, through the end of 2020, Microsoft 365 respects both Delve settings and item insights settings, and enforces the stricter of the two if they differ. 这意味着,如果用户通过 Delve 控件或项目见解设置选择退出,则认为用户已退出项目见解。This means that a user is considered as opted out of item insights if the user has opted out by either Delve controls or item insights settings.

在此过渡期后,Delve 设置仅控制 Delve 体验,并且项目见解设置仅影响 Microsoft Graph 项目见解。After this transition period, Delve settings control only Delve experience, and item insights settings affect only Microsoft Graph item insights. 确保根据组织的要求配置项目见解。Make sure to configure item insights according to your organization's requirements.

备注

过渡期间,由于技术原因,如果组织为所有用户禁用项目见解,则 SharePoint 起始页可能会提供过时的建议。During the transition period, due to technical reasons, the SharePoint start page may provide stale suggestions if an organization disables item insights for all users. 此问题将在未来的服务器端更改中得到解决。This issue will be addressed in upcoming server-side changes.