Privacy changes and API support for Microsoft 365 usage reports – Rolling out starting June 23

At Microsoft, we are committed to both data-driven insights and user privacy. As part of that commitment, we made a change in September 2021 to Microsoft 365 usage analytics to conceal user group and site names by default.  Starting on June 23rd, we will conceal the GroupID variable in the Groups Activity section of the Microsoft 365 Active Users report and Microsoft 365 Apps usage report. At the same time, we will be introducing an API to assist global admins to manage data privacy controls for Microsoft 365 Reports. These changes will gradually roll out to all environments through the end of July and will help companies fulfill their local privacy requirements. The following products and APIs are affected:

• Microsoft 365 Reports in the Microsoft 365 admin center 
• Microsoft 365 usage reports in Microsoft Graph 
• Microsoft Teams analytics and reporting in the Microsoft Teams admin center  
• The reportRoot: getSharePointSiteUsageDetail API (1.0 and beta) for SharePoint site detail 

Global admins can revert this change for their tenants and show identifiable information if their organization’s privacy practices allow it. This can be achieved in the Microsoft 365 admin center by going to Settings > Org Settings > Services, selecting Reports and unchecking, "Display concealed user group and site names in all reports."

The API to change this setting without needing to visit the Microsoft 365 admin center is below:

URL is https://graph.microsoft.com/beta/admin/reportSettings

Two methods have been provided for this API:

An image providing an example of how to change report settings via the API.

The report will only contain a Privacy Setting property. For more information on Graph API, check out Use the Microsoft Graph API - Microsoft Docs. Global admins can use the Software Development Kit (SDK) or directly call the API using any program language with network ability. We recommend using Graph Explorer.

When user group and site names are concealed, the report will show de-identified information in the username information as demonstrated in the example below:

An image of an example report providing de-identified username information when the "Display concealed user group and site names in all reports" box is checked.

When a global admin unchecks the ‘‘Display concealed user group and site names in all reports" box or makes a change to remove concealment using the API, the report will show identifiable information, such as usernames, as demonstrated in the example below:

An image of an example report providing identifiable username information when the "Display concealed user group and site names in all reports" box is unchecked.

Showing identifiable information is a logged event in the Microsoft Purview compliance portal (formerly known as the Microsoft 365 compliance center) audit log. When concealing user group and site names are disabled, admin roles and Reports reader roles will be able to see identifiable user-level information. Global Reader and Reader roles will not have access to identifiable user information regardless of the setting chosen. 

These changes to the product will bolster privacy for users while still enabling IT admins to measure adoption trends, track license allocation, and determine license renewal in Microsoft 365. 

Did you know? The Microsoft 365 Roadmap is where you can get the latest updates on productivity apps and intelligent cloud services. Check out what features are in development or coming soon on the Microsoft 365 Roadmap. To learn more about the features discussed in this blog, check out the links for the roadmap items below:

• GroupID to be hidden by default in Microsoft 365 active user reports 
• Reports in the Admin Center – API available to manage user, group, and site names