Altering Item Insights Security In Microsoft Graph Using REST API

Introduction

1. What does the meaning of Insights Protection Settings?
2. What does one need to keep in mind while changing the settings of Insights?
3. How this progression will be affected to the behavior of UI in Microsoft 365?

How to configure item insights Using Microsoft Graph REST API?

1. User can impede/disable item Insights for all users in affiliation using isEnabledInOrganization property in itemInsightSetting resource
2. User can impede/disable item Insights for a group of users/subset of users, which is assigned in Azure AD Group
3. Using disabled for group property in itemInsightSetting resource

1. At the time of writing this article, API is under beta form in Microsoft Graph which is liable to change.
2. Utilizing these APIs for production development can put you in truble.Utilize the version selector to check API is accessible in v1.0 or not.
3. To update ItemInsightPermission, the Application permission type is not supported yet. Only delegated permission is supported.
4. To use delegated permission requires the signed-in user to have a global administrator Role.

Property Information

 

How to disable Item Insights for the organization?

Set Permission to access ItemInsight Resource.

 

 

Rest Call To check current settings for Insights in Organization,

1. Get https://graph.microsoft.com/beta/organization/{organizationId}/settings/itemInsights      
2.       
3. Accept: application/json      
4. Content-type: application/json    

Reponse will be as below.

1. {    
2.     "@odata.context": "https://graph.microsoft.com/beta/$metadata#organization('ae231454-fa2c-449e-85ed-b2c82b30f2d0')/settings/itemInsights/$entity",    
3.     "isEnabledInOrganization": true,  
4.     "disabledForGroup": null   
5. }     

Rest Call to Update for Insight Settings

1. PATCH https://graph.microsoft.com/beta/organization/{organizationId}/settings/itemInsights    
2.     
3. Accept: application/json    
4. Content-type: application/json    
5.     
6. {    
7.   "isEnabledInOrganization":false    
8. }     

The response will be as below after update settings.

1. {    
2.     "@odata.context": "https://graph.microsoft.com/beta/$metadata#organization('ae231454-fa2c-449e-85ed-b2c82b30f2d0')/settings/itemInsights/$entity",    
3.     "isEnabledInOrganization": false,    
4.     "disabledForGroup": null    
5. }    

Note

1. Organization ID will be your tenant ID. You will get tenant ID from overview of Azure Active Directory in Azure Portal.
2. As mentioned in previous article, Updating settinsg can take up to 8 hours to be applied across all Microsoft 365 experience.

How to disable Item Insights for Subsets of User/ for Specific Azure AD Group?

Rest Call to update Insights for a subset of users.

1. PATCH https://graph.microsoft.com/beta/organization/{organizationId}/settings/itemInsights      
2.       
3. Accept: application/json      
4. Content-type: application/json      
5.       
6. {    
7.     "disabledForGroup": "7268b3ea-558f-4c61-be33-2ba1dcca4fce"    
8. }     

The response will be as below after update settings for a specific group

1. {    
2.     "@odata.context": "https://graph.microsoft.com/beta/$metadata#organization('ae231454-fa2c-449e-85ed-b2c82b30f2d0')/settings/itemInsights/$entity",    
3.     "isEnabledInOrganization": true,    
4.     "disabledForGroup": "7268b3ea-558f-4c61-be33-2ba1dcca4fce"    
5. }    

Reference Links

• ItemInsightResourceType
• ItemInsightSettingsResourceType
• Microsoft Graph Permission Reference
• How to find Tenant Id/Organization Id

HappyCoding