Putting the All-time Face on Every User

In April 2020, Microsoft introduced a policy to end users existence able to update their photograph through the Teams client. More accurately, Teams adopted the SetPhotoEnabled setting in the Exchange Online OWA mailbox policy to command if a user can update their photograph. Since then, I have noticed a flood of questions (or complaints) from people asking why their attempts to upload a photo is "blocked by policy." Of course, the answer is that it is, and they should talk to their tenant administrator to take their photograph updated, but that's seldom a welcome response.

Given that user photos show upwardly in places as various as the GAL, the Function 365 profile card, and avatars in applications similar SharePoint Online and Teams, it's a good idea to brand sure that advisable photos are available for users. For example, if a user photo is available, Teams meetings show the photo on a user's attendee card when their video feed is turned off instead of the more than generic "two-initials in a circle" card (Figure 1).

The difference a user photo makes to an attendee card in a Teams meeting
Figure i: The difference a user photo makes to an attendee card in a Teams coming together

Two Strategies

Organizations usually consider ii approaches before deciding on a strategy for user photo management.

  • User-driven . While this strategy involves less piece of work for administrators, it exposes the danger that some users might make less than suitable photo choices. It's a poor choice for schools and other educational establishments.
  • Organization-driven . This strategy usually ways that some tool updates user photos based on a repository such as Hour data. The upside of the strategy is the high standard of user photos. The downside is the demand to either write a tool or discover one to do the task (like Code Two Software's Photos for Role 365).

Of course, given that control is exerted by OWA mailbox policies, you lot tin run a hybrid strategy where some users can update their photos, and some cannot through the simple stride of deploying multiple OWA mailbox policies, some of which enable photo updates and the others which don't.

The Office Played by Exchange Online

Exchange Online plays a primal role in user photo management for other Microsoft 365 applications. The SetPhotoEnabled setting in the Commutation Online OWA mailbox policy assigned to the mailbox controls the ability for users to update their photo. By default, this setting is $Fake, meaning that users are unable to upload a photo from apps and their Office contour. Users barred by policy see a bulletin such as "picture options are disabled by policy" if they attempt to change their photo. To allow users to upload and update their photos, either:

  • Update the OWA mailbox policies and then that SetPhotoEnabled is $Truthful in all policies, or:
  • Create or update an OWA mailbox policy with SetPhotoEnabled ready to $Truthful and assign this policy to the mailboxes of accounts y'all desire to allow to upload photos.

For example, to update an OWA mailbox policy, run the Set-OWAMailboxPolicy cmdlet:

Gear up-OWAMailboxPolicy -Identity OWAFullAccess -SetPhotoEnabled $Truthful

To assign an OWA mailbox policy to a mailbox, employ the Set-CASMailbox cmdlet:

Gear up-CASMailbox -Identity Chris.Bishop -OWAMailboxPolicy OWAFullAccess

Changes to an OWA mailbox policy take up to 30 minutes before they are constructive.

OWA mailbox policies in Substitution Online evidently don't affect users with an on-bounds Exchange mailbox. These users are therefore able to update their photos in apps similar Teams.

Updating User Photos Programmatically

Several PowerShell cmdlets are available to administrators to update user photos.

  • The Exchange Online Set-UserPhoto cmdlet updates the photo data in a mailbox. Set-UserPhoto can also update a photo for a group mailbox (be sure to specify the GroupMailbox switch). You cannot use Set up-UserPhoto to update other mail-enabled objects, like distribution lists or mail contacts. Photos loaded into Exchange Online are synchronized to other workloads, including SharePoint Online and Teams.
  • The Teams Set up-TeamPicture cmdlet updates the epitome for a squad. This is analogous to running Set up-UserPhoto to update the photo for a group mailbox. In most cases, it's best to use Ready-UserPhoto to avoid the demand to load some other module. It's a expert idea to highlight important teams with an appropriate image which conveys the purpose of the squad.
  • The Azure Advertising Set-AzureADUserThumbnailPhoto cmdlet writes photo data to an Azure Advertizement user account. Utilize this cmdlet when you wish to update photograph information for an Azure Advertizing account which doesn't have an Substitution Online mailbox, like guest accounts. As the cmdlet name suggests, the cmdlet processes thumbnail (small) photos. It does not generate the larger size photos which look better in Teams meetings. For this reason, always use Set-UserPhoto to upload photos for tenant accounts.

Exchange Online and Azure Advertizement synchronize photo data to make certain that user accounts accept the latest picture. Later on a short filibuster to permit the apps to refresh their caches, an updated photo will exist active across the ecosystem.

Teams owners tin can modify the picture for a team by clicking the existing movie and uploading a new file (Figure two). Group owners can do the aforementioned for Microsoft 365 groups past editing group backdrop in OWA's Manage groups department. In both cases, the moving picture data is in the group mailbox and volition synchronize to other apps.

Updating the photo for a team
Figure two: Updating the photo for a squad

Image files for user photos can be JPEG or PNG format and should be:

  • Resolution: 648 x 648 pixels. This is the largest resolution supported. Behind the scenes, Commutation Online generates smaller 64 x 64 and 96 10 96-pixel thumbnails for apps to apply when pocket-sized thumbnails are appropriate. Most digital photos are much larger (in pixels) so some resizing is needed. Square photos are best every bit they won't be cropped. Usually, best results are obtained when the user faces directly into the camera.
  • Size: Less than 500 KB.

Although it can accept 30 seconds or more than to update a moving picture for a mailbox, running Set-UserPhoto is elementary:

Fix-UserPhoto -Identity Chris.Bishop@office365itpros.com -PictureData ([System.IO.File]::ReadAllBytes("c:\Temp\ChrisBishop.jpg")) -Confirm:$False

If you want to check if a mailbox already has a picture show (to avoid overwriting information technology), utilize the Get-UserPhoto cmdlet. This cmdlet returns $Null if the mailbox has no photo. Remember to include the GroupMailbox switch if checking a group mailbox (including team-enabled groups).

If (Get-UserPhoto -Identity Chris.Bishop@Office365Itpros.com) {Write-Host "Chris has a photo"}

If yous make a mistake and upload the wrong epitome, you can restart past removing the image with the Remove-UserPhoto cmdlet:

Remove-UserPhoto -Identity Chris.Bishop@office365itpros.com -Confirm:$Faux

An example of how to scan user mailboxes to find mailboxes without photos tin be downloaded from GitHub.

The Personal Side of Users

User photos are extremely personal, and it should come as no surprise that people should be upset when they cannot change their image. If you decide to clamp down on user-initiated photo updates, possibly it might be a good idea to create a procedure to allow users to asking photo changes. It might only continue people happier.