Via the Microsoft Graph, authorized persons such as the Global Administrator of a Microsoft 365 Tenant have full access to almost all information in this Tenant. The Microsoft Graph itself cannot be deactivated, only hidden and now restricted:
Microsoft Graph and the privacy settings
The new documentation explains in concrete terms what effects the configurations have and why they are now available. They let you limit what the Microsoft Graph returns: the information about users, documents, and the relationships between them (the itemInsights element).
Configuration
Configure the item insights settings for users in an organization by adjusting the isEnabledInOrganization and disabledForGroup properties accordingly.
Required role: Global Administrator (read and adjust)
Existing applications that use officeGraphInsights should be converted to itemInsights.
How item insights are enabled | isEnabledInOrganization | disabledForGroup |
---|---|---|
Entire organization (default) | true | empty |
Disabled for a subset of users in the organization | true | ID of the Azure AD group which contains the subset of users |
Disabled for the entire organization | false | ignored |
By default, item insights are enabled for an organization. To disable item insights for all users in the organization, set the isEnabledInOrganization property to false.
To disable item insights for a subset of users in an Azure AD group, set the disabledForGroup property to the ID of this group.
These settings give administrators the flexibility to use Azure AD tools and disable item insights only for members of the specified group and not necessarily for the entire organization. Configure each of these properties by updating the item insights settings in an application, PowerShell, or other application with the appropriate permissions.
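As an added example (not from the original page or from Microsoft), the Python code below builds the PATCH request for these two properties and applies the table above to decide whether item insights are in effect for a given user. The endpoint path comes from Microsoft's Graph reference rather than this page; the function names, IDs and token are constructed placeholders, and the request is built but never sent.

```python
import json
import urllib.request
import uuid

# Endpoint path per Microsoft's Graph reference; it is not quoted on this page.
GRAPH = "https://graph.microsoft.com/v1.0"


def build_update(org_id, token, enabled, disabled_group=None):
    """Build (but do not send) the PATCH for the tenant's itemInsights settings."""
    body = {"isEnabledInOrganization": bool(enabled)}
    if enabled and disabled_group:
        # uuid.UUID raises ValueError for anything that is not a GUID.
        body["disabledForGroup"] = str(uuid.UUID(disabled_group))
    # With enabled=False the group is left out: the table marks it as ignored.
    url = f"{GRAPH}/organization/{uuid.UUID(org_id)}/settings/itemInsights"
    return urllib.request.Request(
        url,
        data=json.dumps(body).encode(),
        method="PATCH",
        headers={"Authorization": f"Bearer {token}",
                 "Content-Type": "application/json"},
    )


def insights_enabled_for(settings, member_of):
    """Apply the table: are item insights in effect for a user in these groups?"""
    if not settings.get("isEnabledInOrganization", True):  # default is enabled
        return False  # disabledForGroup is ignored in this state
    group = (settings.get("disabledForGroup") or "").lower()
    return not (group and group in {g.lower() for g in member_of})


# Constructed sample values, not real tenant data.
ORG = "11111111-1111-1111-1111-111111111111"
OPT_OUT = "22222222-2222-2222-2222-222222222222"

if __name__ == "__main__":
    req = build_update(ORG, "<access-token>", True, OPT_OUT)
    print(req.get_method(), req.full_url)
    print(req.data.decode())
    current = json.loads(req.data)
    print(insights_enabled_for(current, [OPT_OUT]))   # member of the opt-out group
    print(insights_enabled_for(current, []))          # any other user
```

Because the body only carries the properties passed in, a group ID that is already stored in the tenant stays in place until it is explicitly changed.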
Time to implementation: 8 hours
Documentation
https://docs.microsoft.com/en-us/graph/insights-customize-item-insights-privacy?view=graph-rest-1.0