Microsoft 365 User Privacy Setting now includes Group Name, New API control coming
Back in September 2021, Microsoft added a new setting in the Microsoft Admin Center to de-identify users in usage reporting. This was turned on by default and impacts the entire tenant.
From this month, this setting now also impacts Groups in reporting. There isn’t a new setting, but the existing toggle will now de-identify group names as well as users:
Who will be impacted by this?
Ignoring for a moment anyone who is using the Admin Center to view the Microsoft-provided reports, the other place this change is likely to be felt is in applications using the Microsoft Graph API to read reporting data (the API calls on the /reports endpoint). If these applications were reading the Group Name and making any decisions on them, then they will need to be re-worked.
This doesn’t affect the more transactional API calls to read and manage Groups in Microsoft 365. However, the obfuscated name isn’t shown in the Groups GET call, meaning there’s no way to tie together the reporting data with the information about the Group, whilst this privacy setting is turned on.
Can I change it?
There is a single lever across the entire tenant to either display or hide all identifiable information in reports.
This can be changed in the Microsoft 365 Admin Center, by going to: Settings > Org Settings > Reports:
Coming Soon: an API for this
Good news for ISVs and other makers of applications that rely on this setting being either set or unset and want to be monitor the state and react to it: Microsoft are making some API calls to read and update the privacy setting programmatically.
Details on this are not yet fully available because the new API calls are still rolling out to all tenants, but from what we know so far:
- It will come to the /beta namespace first
- It will be on the /admin/reportSettings endpoint
- There will be a GET call and a PATCH call to read and update the value
- The property is expected to be a boolean value, named “displayConcealedNames”
- It’s not yet know what permissions will be needed to set this, or whether the permission will be a User Permission or an Application Permission.
There is a roadmap item for this API, which is due to GA this month.