This week at Build, we learned that Microsoft Graph now has a feature that connects it with companies’ business data. The way Microsoft describes the Graph in press materials is artful: It puts people at the center, with apps and devices in a constellation around that core. It’s all about creating a rich database that focuses on people and relationships. Schedules and documents are “artifacts,” and office apps are “rich canvases.” And it relies on lots and lots of data to work.
The thing about the Microsoft Graph is that it’s not one graph — it’s many graphs, and perhaps it should have been named “Graphs,” plural. But even that doesn’t adequately describe it. It is a database, but it’s not monolithic; some Graphs are culled from “world” data, meaning publicly available repositories of information. Some are built from your enterprise’s data, and some are extremely personal.
“Maybe we should rename it ‘Your Graph’ or something,” half-joked Rob Howard, senior director of Microsoft 365 apps marketing, in an interview. That would, at least, tie in neatly to MyAnalytics, which is a strong example of a personal Graph. MyAnalytics, which also received an update at Build, is an Office 365 tool designed to help you understand how you’re using your time at work, including how much “focus time” you’re squeezing in and how much work you’re doing after-hours.
Of course, this level and type of feedback requires a lot of data. “Microsoft Graph […] is this massive data set for a secure and compliant record of productivity activity in the cloud,” said Howard. “Look, the average enterprise company has 2 billion nodes in this graph. This is just incredibly valuable information about how people work.”
All of this raises the extremely important question of privacy and ownership — what data is being used for the Graph (or Graphs), who can see what information, and who the data actually belongs to. Privacy is a sensitive topic in the data-centric world, and no one wants to feel like Big Brother is watching. Does the Graph give Microsoft too much information and too much power?
“That [data] is not owned by us,” assured Howard. “It’s owned by our customers, individuals, and organizations.” Further, the rules around the data come from your organization, not Microsoft. “[Graph] allows you to take this data and in a secure and refined way keep it within your own ownership boundary, your own security and compliance boundary, and combine it with other business data in order to get insights.” Once it’s aggregated and anonymized, you can build models on it.
So Microsoft Graph doesn’t “see” your data any more than you let it, and for the purposes of the Graph, it doesn’t want the kind of data you wouldn’t want it to see. In any case, Howard said it’s “physically impossible” to dig down and look at a person’s individual data.
“If it’s individual knowledge, we want to respect your privacy. Only you should see those assets,” reiterated Malavika Rewari, Microsoft senior product marketing manager for Office intelligence, in an interview at Microsoft Build 2019. “[MyAnalytics] pulls data from your emails, meetings, chat, co-authoring, documents,” and more. “[A]ll Office 365 data — it’s metadata, so it’s not the contents, but more about the time you sent the email, the subject of the email, or who you sent it to,” she explained.
Structurally, your MyAnalytics Graph is not necessarily a subset of your company’s enterprise Graph, and your company’s enterprise Graph is not a subset of the global Graph. A MyAnalytics report is created for you as an individual, based on your data culled from within your company’s rules for the Graph. But your company doesn’t get to see the data that the Graph creates for your MyAnalytics report.
It’s about the ML
This brings us back to those 2 billion nodes produced by the average enterprise company. In order to feed the Microsoft Graph, your company does need to vacuum up a lot of data. The whole point of doing so is to gain insights that can help it understand things like how its people work, their patterns and preferences, team outcomes, the sentiment of their interactions with other companies as pertains to a sale, what skills are required for a given project to be successful, and so on. This is all aimed at improving productivity, but that, too, has undertones of surveillance. Microsoft doesn’t have your de-anonymized data, but your company might.
Howard pointed out that anytime you’re using a cloud service and company computers, your data — emails, documents, web searches — is always available to some degree. If you receive your MyAnalytics report via company Outlook email, your company can have a look at it — but again, the report is an aggregate. It tells you how you spend your time, and the quality thereof, but it doesn’t get granular or specific.
That’s not what this data is about, anyway, and it’s certainly not useful for the Graph. Said Howard, “Graph data connect is all about being able to let you as an organization take data about how your organization works at scale, bring it into Azure Data Factory, combine it with your own business data, and then use your tool chain of choice to glean insights about how your organization works, what are effective work patterns, [and] what can you do more of.”
In other words, Microsoft needs data for its Graph(s) so it can perform machine learning on it and deliver actionable insights to a business or an individual worker. Those insights are meant to be germane to your particular business and are gleaned from your anonymized and aggregated data, which Microsoft does not own. That’s the business model.