Hyperfish blog

Do not fear the Office Graph and Delve in Office 365

Written by Jeremy Thake | Aug 15, 2017 7:00:00 AM

At Hyperfish, we are focused on getting our customers the most value out of their complete and up-to-date profiles. One of the many things we showcase to customers is the value that Delve can give them.

Sadly, we have heard from a number of customers that they have turned off the Office Graph. The primary reason for this is because the signals that the Office Graph gets from its various services are exposed as cards in Delve.
Many executives who go and view Delve are amazed at what content shows up from their peers and also their peers and reports can see and access, specifically the document they have created. The knee jerk reaction to this, is often to want to hide this information and they order IT to turn off the Office Graph that powers this part of the Delve interface.

This is not a new problem. Often when SharePoint search is deployed, the same reaction occurs. The reason this happens is that documents are either crawled from file shares that were once buried in awfully complex folder structures. These folder structures didn’t necessarily have the correct security permissions on them either. That is, it would have been very unlikely that someone would have found them clicking through folders, and it was only when search indexed them that they became readily available.

A great example of this was I was working with in Australia and an employee did a vanity search on their own name. They were quite surprised to find a document with all their salary and bonus information living in a folder that was not secured correctly that was owned by HR. They immediately searched for their peers names, and realized that their salary documents were available too. HR immediately demanded that enterprise search be turned off. In that instance, the IT team worked with HR to secure the folders and documents correctly and resolve the actual root issue, rather than turning off enterprise search.

The Office Graph can amplify bad practices around security and access, but not just to documents but also other signals coming from services in Office 365. A possible quick fix is to turn it off (keep reading below to know this is no fix at all). The more complex and longer term fix is to go and fix the security of this information.

Fix the root problem

There has been some recent discussion on this exact topic, including the below tweet shared by David Rosenthal.

By turning the Office Graph off, the core problem is not being fixed, these documents that are showing up in Delve, will also show up in SharePoint search results. The only real way to fix this problem is to fix the security on documents across Sites, Document Libraries, and folders. There are many ways you can do a discovery exercise and security audit on SharePoint and OneDrive. If you do a Google search for “security audit SharePoint” you will find the usual suspects.

Delve still works with the Office Graph off

Delve not in App Launcher and no documents listed when Office Graph turned off

One thing to also note is that turning off the Office Graph isn’t the end of the world. Delve still works, you just don’t see any of the document cards in the UI and it isn’t in the app launcher. The only experience that points to Delve is the contact cards “see more” link in SharePoint, OneDrive and Outlook. It essentially becomes a people finder interface, that isn’t as powerful as if you used SharePoint People Search pages.

Adam Harmetz from Microsoft shared his SharePoint home screen showing off the Office Graph powered experience

There are other things that are affected by turning the Office Graph off. A lot of the new modern experiences in Office 365 are driven by the Office Graph. An article on MSDN indicates that SharePoint Home will also not work correctly without it. You will be missing recently visited sites, suggested sites and relevant activity in sites. These are all very useful capabilities, but are tracked by signals pushed to the Office Graph from SharePoint.

As well as it crippling out of the box experiences, if your third party solutions or internal developer projects take advantage of the Office Graph on the Microsoft Graph (yes I hated naming discussions too when I was at Microsoft!) will break. Stephane Cordonnier has a detailed blog post on the fact you will get a SearchServiceException when calling these APIs.

APIs throwing exceptions isn’t the only problem with turning the Office Graph off. The bigger issue is that you are also not storing any of the signals chronologically over time. If you decide to turn the Office Graph on later, you will have no history to measure against.” John White, TyGraph

If you really must…

After all this, if you are still insisting to turn Delve off, the only way is to turn off the Office Graph. This is buried deep in the SharePoint admin center under settings.

Turning Delve off via Office Graph in SharePoint admin center

There is a UserVoice that has been started to request being able to turn off Delve without turning off the Office Graph. If you are interested in this, please vote this up

Delve and Hyperfish bring people together

I’d be interested to discuss on this thread why people want to totally turn off Delve. Being able to discover people and their content across your organization can be key contributor to increased employee engagement. And to support all this you will need to ensure your profiles are complete and up-to-date…this is where Hyperfish comes in.