Storing User ID and Display Name Mapping from Graph API

Question

Hello,

Our M365 team is building a Power BI dashboard to track user information. We get a list of userID from our logs and use two APIs to query display names for those users. We want to know if it is possible for us to save the ID to display name mapping in our own database without violating any compliance policies. Here are the two APIs we use:

https://graph.microsoft.com/v1.0/users/{0}/identities

https://graph.microsoft.com/v1.0/users/{0}

Answer 1

Storing user ID and display name mapping in your own database involves handling personal data, which requires compliance with data protection regulations. Microsoft provides compliance features through Intune, which sets rules for devices you manage and includes actions for noncompliance. However, these features primarily concern device compliance and do not directly address your question about storing user ID and display name mappings.

The APIs you mentioned are part of Microsoft Graph, which allows developers to access data in Microsoft 365. While Microsoft Graph itself has built-in features to ensure compliance with data protection regulations, the responsibility for handling data obtained through these APIs in a compliant manner lies with the developer.

Therefore, you should consult with your organization’s legal and compliance teams to ensure that storing this data does not violate any applicable laws or regulations. They can provide guidance tailored to your specific situation and jurisdiction. Additionally, you may want to consider anonymizing or pseudonymizing the data, if possible, as these are common strategies for reducing the risk associated with handling personal data.

Please note that this advice is general in nature, and specific compliance requirements may vary depending on your location and the nature of your organization.

If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".