TenLens
Back to script library
Entra / Microsoft 365 · Exchange Online

Report delve insights disabled

Report Microsoft 365 accounts that are disabled for the Delve Document Insights feature.

Connect & set up

Run these once per session. All scopes are read-only unless the script makes changes.

Connect-MgGraph -Scopes User.Read.All -NoWelcome

Run it

The main script. Copy it, or download the .ps1 and run it from your console.

param(
    [string] $TenantId = "",
    [string] $AppId = ""
)
 
function Get-GraphData {
# Based on https://danielchronlund.com/2018/11/19/fetch-data-from-microsoft-graph-with-powershell-paging-support/
# GET data from Microsoft Graph.
    param (
        [parameter(Mandatory = $true)]
        $AccessToken,
 
        [parameter(Mandatory = $true)]
        $Uri
    )
 
    # Check if authentication was successful.
    if ($AccessToken) {
    $Headers = @{
         'Content-Type'  = "application\json"
         'Authorization' = "Bearer $AccessToken"
         'ConsistencyLevel' = "eventual"  }
 
        # Create an empty array to store the result.
        $QueryResults = @()
 
        # Invoke REST method and fetch data until there are no pages left.
        do {
            $Results = ""
            $StatusCode = ""
 
            do {
                try {
                    $Results = Invoke-RestMethod -Headers $Headers -Uri $Uri -UseBasicParsing -Method "GET" -ContentType "application/json"
 
                    $StatusCode = $Results.StatusCode
                } catch {
                    $StatusCode = $_.Exception.Response.StatusCode.value__
 
                    if ($StatusCode -eq 429) {
                        Write-Warning "Got throttled by Microsoft. Sleeping for 45 seconds..."
                        Start-Sleep -Seconds 45
                    }
                    else {
                        Write-Error $_.Exception
                    }
                }
            } while ($StatusCode -eq 429)
 
            if ($Results.value) {
                $QueryResults += $Results.value
            }
            else {
                $QueryResults += $Results
            }
 
            $uri = $Results.'@odata.nextlink'
        } until (!($uri))
 
        # Return the result.
        $QueryResults
    }
    else {
        Write-Error "No Access Token"
    }
}
 
$ModulesLoaded = Get-Module | Select Name
If (!($ModulesLoaded -match "ExchangeOnlineManagement")) {Write-Host "Please connect to the Exchange Online Management module and then restart the script"; break}
# OK, we seem to be fully connected to Exchange Online.
 
# Define all the stuff necessary to use a registered app to interact with the Graph APIs. Amend these values for your tenant and app!
$AppSecret = "7FP4Nj~kiU.yBXY9~yQB3sMrvpLv5Rx_._"
 
# Construct URI and body needed for authentication
$uri = "https://login.microsoftonline.com/$tenantId/oauth2/v2.0/token"
$body = @{
    client_id     = $AppId
    scope         = "https://graph.microsoft.com/.default"
    client_secret = $AppSecret
    grant_type    = "client_credentials"
}
 
# Get OAuth 2.0 Token
$tokenRequest = Invoke-WebRequest -Method Post -Uri $uri -ContentType "application/x-www-form-urlencoded" -Body $body -UseBasicParsing
# Unpack Access Token
$token = ($tokenRequest.Content | ConvertFrom-Json).access_token
$Headers = @{
            'Content-Type'  = "application\json"
            'Authorization' = "Bearer $Token"
            'ConsistencyLevel' = "eventual" }
 
CLS;$Report = [System.Collections.Generic.List[Object]]::new();$CSVOutput = "C:\temp\DelveDisabledAccounts.CSV"
 
Write-Host "Finding mailboxes to check"
[array]$Mbx = Get-ExoMailbox -ResultSize Unlimited -RecipientTypeDetails UserMailbox
ForEach ($M in $Mbx) {
   $uri = "https://graph.microsoft.com/v1.0/users/" + $M.ExternalDirectoryObjectId + "/settings"
   $Settings = Get-GraphData -AccessToken $Token -Uri $uri
   If ($Settings.contributionToContentDiscoveryDisabled -eq $True) { # Delve document insights feature turned off so report this mailbox
      Write-Host "Delve turned off for" $M.DisplayName
      $ReportLine = [PSCustomObject][Ordered]@{
         Name     = $M.DisplayName
         UPN      = $M.UserPrincipalName
         ObjectId = $M.ExternalDirectoryObjectId
         DelveOff = $Settings.contributionToContentDiscoveryDisabled }
     $Report.Add($ReportLine)
     } #End if
} #End ForEach
 
If ($Report) {
   Write-Host ("All done. {0} accounts discovered with Delve document insights disabled. Details in {1}." -f $Report.Count, $CSVOutput)
   $Report | Out-GridView
   $Report | Export-CSV -NoTypeInformation $CSVOutput
   }
Else {
   Write-Host "No accounts found with Delve document insights disabled" }

Parameters

ParameterDefaultNotes
-TenantId""Microsoft Entra tenant ID for app-only Graph authentication.
-AppId""Application (client) ID for the app registration used to connect.
Attribution
Author
Office365itpros
Related scripts
Entra / Microsoft 365 · Exchange Online

Add contacts to mailboxes

Copies organizational contacts from a SharePoint list into Exchange user mailboxes for newly licensed users, using app-only Microsoft Graph permissions.

Entra / Microsoft 365 · Applications

Add owners to apps

Finds Entra ID app registrations without owners and assigns the last modifier or creator as owner, using unified audit log records to identify who last managed each app.

Entra / Microsoft 365 · Teams

Add Teams to group expiration policy

Adds Microsoft Teams whose backing groups are not yet covered by the Microsoft 365 group expiration policy.