Photo credit: Beatriz Pérez Moya
Article Updated: Feb 9, 2022
A Question
A client asked:
“We have users that raise concerns that secure files may surface in search or on the people cards.
They are worried others in the organization might be able to see files that they should not have access to.
Can we disable surfacing files in these areas?“
A. Client
This is similar to being asked:
- Can we disable Delve?
- Can we disable Office.com?
My Answer
This feature is known as “Item insights”.
I follow Microsoft’s best practice here and believe that item insights should be enabled, as the setting basically allows people to locate files necessary for collaboration.
Also, I generally dislike turning off any feature due to someone “thinking” that people may see something they shouldn’t. Evidence of this happening is always better. That way you can deal with the issue through governance, training, and process instead of making a decision that may decrease productivity and ease of collaboration.
In M365, files only appear in Search results if you (or a group you belong to) has direct access to that file, OR it has been shared directly with you (e.g. if an “People in this org” link is targeted at you), OR if you have accessed a sharing link for that file.
For example, if someone accidentally shares a file called “Reasons to Terminate Mike Hatheway” using a “People in the Org with the link can edit” type link, that should not show for people in Search, or the files tab. That is, unless they have accessed that file, or if they have direct access to that file.
Per File collaboration in SharePoint with Microsoft 365
“Creating a People in your organization link does not cause the file or folder to show up in search or give everyone direct access to the file or folder. Users must have the link in order to access the file or folder.”
docs.microsoft.com
And as per Overview of item insights in Microsoft Graph / Microsoft runs on trust
“Microsoft runs on trust
Microsoft uses only your activities in a shared working space (activities such as sharing, modifying, commenting actions) within your organization to calculate recommendations for others. That means, if you simply glanced at or clicked on a shared document without changing or commenting on it, your colleagues will not see the document as a recommendation because you browsed the document.
Microsoft does not use your activities from working in a private space to calculate recommendations for others. That means no one can get insights from your private documents.
Finally, your colleagues can see recommendations built only on content that they already have access to. If Alice collaborates with Robert on writing a document, Alice and Robert can both get recommendations based on this collaborative work. Kate, who does not have access to the document, does not see recommendations associated with this file or the collaboration between Alice and Robert. This rule applies to all users in an organization. In our example, that includes Kate’s manager and administrators, who would not see recommendations based on content that they do not have access to.”
docs.microsoft.com
Delve is a bit different but Delve can get files from this item insights feature. I don’t generally find people use Delve and it can be turned of in the SharePoint Admin center. This turns off the Delve app shortcut. You can still get to Delve after it’s turned off by going to “My Office Profile” but no docs will be listed.
<Steps down from soapbox>
Turning Off Item Insights
All that said, if turning off item insights is what you want as a company.
- First, read this entire article to determine the scope and effect of disabling the setting: Overview of item insights in Microsoft Graph
- This will detail how to disable the setting on a per-user basis Under MyAccount > Settings & Privacy. This might be good for testing.
- Then, check Customizing item insights privacy in Microsoft Graph
- This will allow a Global Admin to disable for all or some users.
Note the article doesn’t mention disabling the feature for groups but this feature does appear in my development tenant and allowed the selecting of a group (Security or M365 group) to disable:
Mike Hatheway 