Document Surfacing in M365: What can people see?

Photo credit: Beatriz Pérez Moya

Article Updated: Feb 9, 2022

A Question

A client asked:

“We have users that raise concerns that secure files may surface in search or on the people cards.

They are worried others in the organization might be able to see files that they should not have access to.

Can we disable surfacing files in these areas?

A. Client

This is similar to being asked:

  • Can we disable Delve?
  • Can we disable Office.com?

My Answer

This feature is known as “Item insights”.

I follow Microsoft’s best practice here and believe that item insights should be enabled, as the setting basically allows people to locate files necessary for collaboration.

Also, I generally dislike turning off any feature due to someone “thinking” that people may see something they shouldn’t. Evidence of this happening is always better. That way you can deal with the issue through governance, training, and process instead of making a decision that may decrease productivity and ease of collaboration.

In M365, files only appear in Search results if you (or a group you belong to) has direct access to that file, OR it has been shared directly with you (e.g. if an “People in this org” link is targeted at you), OR if you have accessed a sharing link for that file.

For example, if someone accidentally shares a file called “Reasons to Terminate Mike Hatheway” using a “People in the Org with the link can edit” type link, that should not show for people in Search, or the files tab. That is, unless they have accessed that file, or if they have direct access to that file.

Per File collaboration in SharePoint with Microsoft 365

“Creating a People in your organization link does not cause the file or folder to show up in search or give everyone direct access to the file or folder. Users must have the link in order to access the file or folder.”

docs.microsoft.com

And as per Overview of item insights in Microsoft Graph / Microsoft runs on trust

Microsoft runs on trust

Microsoft uses only your activities in a shared working space (activities such as sharing, modifying, commenting actions) within your organization to calculate recommendations for others. That means, if you simply glanced at or clicked on a shared document without changing or commenting on it, your colleagues will not see the document as a recommendation because you browsed the document.

Microsoft does not use your activities from working in a private space to calculate recommendations for others. That means no one can get insights from your private documents.

Finally, your colleagues can see recommendations built only on content that they already have access to. If Alice collaborates with Robert on writing a document, Alice and Robert can both get recommendations based on this collaborative work. Kate, who does not have access to the document, does not see recommendations associated with this file or the collaboration between Alice and Robert. This rule applies to all users in an organization. In our example, that includes Kate’s manager and administrators, who would not see recommendations based on content that they do not have access to.”

docs.microsoft.com

Delve is a bit different but Delve can get files from this item insights feature. I don’t generally find people use Delve and it can be turned of in the SharePoint Admin center. This turns off the Delve app shortcut. You can still get to Delve after it’s turned off by going to “My Office Profile” but no docs will be listed.

<Steps down from soapbox>

Turning Off Item Insights

All that said, if turning off item insights is what you want as a company.

Note the article doesn’t mention disabling the feature for groups but this feature does appear in my development tenant and allowed the selecting of a group (Security or M365 group) to disable:

Author: Mike Hatheway

I'm a husband, father of twins, and a consultant specializing in M365. Generally focused on Teams, SharePoint, and the Power Platform. I hold several Microsoft certifications and I work at Bulletproof Solutions.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.