What Could Prevent a User From Uploading a Photo

Update: This post was updated on July 22, 2020.

When y'all gear up up user photos in Microsoft 365 (Office 365), they propagate through the whole Microsoft 365 tenant and apps integrated with Azure Advert. This ways that they are displayed in Outlook, Teams, SharePoint, and more than. By default, any user can modify their photo to anything they like. This might be a trouble for admins who want to keep everything in order. In this commodity, I'll show you why and how to block users from changing their photos in Microsoft 365.

Why to prevent users from changing photos in Microsoft 365?

The virtually important reason to lock the power of users to change their profile photos is to ensure a unified visual identity. If you don't restrict permissions, any user tin overwrite the photo that yous (the admin) fix for them in Microsoft 365 to comply with your organization'south guidelines. When users control their profile pictures, information technology'southward impossible to maintain the aforementioned quality across the whole arrangement. What's more than, since users tin can change their photos from a few different places, they might cease up having different photos in various Microsoft 365 apps (photos can have up to 72 hours to sync or tin can encounter sync problems). That's why setting restrictions on user profile photo direction in Microsoft 365 is crucial for many companies.

Where can users modify their profile photo?

The challenging part with preventing users from changing their Part/Microsoft 365 photos is that users can change them from more one place independently:

Delve:

Microsoft 365 profile:

SharePoint Online

Microsoft Teams:

Luckily, since April 2020 Microsoft Teams honor the Outlook on the web (OWA) policy settings, then there are just two settings that need to be changed to take total control of user photos in Microsoft 365.

Important: Users tin as well change their photos using the following URL: https://outlook.function.com/post/changephoto. That's where blocking gets tricky, just I volition go to that.

How to block users from changing their photos in Microsoft 365

To successfully prevent users from changing their own contour photos, you demand to:

1. Change your Outlook on the spider web policy.
2. Set up SharePoint Online permissions.
3. Block admission to the directly photo settings link.

To do so, y'all'll need to use PowerShell, Microsoft 365 admin center, and practice something about the URL which tin be used as a backdoor.

Change Outlook on the web policy settings

First, you need to commencement a remote PowerShell session to your Microsoft 365 (Exchange Online). See instructions in this commodity.

If you want to prevent all users from irresolute their profile photos, you demand to change the default OWA (Outlook on the Web) policy. The default policy's name is OwaMailboxPolicy-Default. While its name can exist inverse, the default policy gets recreated with the default name and volition be practical to newly created users. Since yous can have other policies that utilize to a subset of users only, allow's first check what policies yous have by running:

Get-OwaMailboxPolicy | FL name,SetPhotoEnabled

The results suggest that I simply have the default Outlook on the web mailbox policy, and information technology allows users to change their profile photos.

To prevent all users from changing their pictures, I can run:

Set-OwaMailboxPolicy OwaMailboxPolicy-Default -SetPhotoEnabled $faux

And that'south information technology. Within upwards to lx minutes, all users who endeavor to change their profile photo volition fail to do so (unless they utilize SharePoint, but I'll get to this in the next section).

If you want to forestall only a subset of users from changing their photos, you need to create a new mailbox policy, alter its SetPhotoEnabled aspect and assign it to the subset of users. See instructions below.

Annotation: You can create a new Outlook on the web policy in the Exchange admin middle (EAC) and assign it to users. Notwithstanding, currently, you cannot change the SetPhotoEnabled parameter using this interface, so I'll show the whole procedure using PowerShell but.

First, create a new Outlook on the web policy with the SetPhotoEnabled attribute fix to $simulated:

New-OwaMailboxPolicy "Prevent users from changing their photos" | Set up-OwaMailboxPolicy -SetPhotoEnabled $fake

To use the policy for a unmarried user (j.doe in the case below), run the following cmdlet:

Set-CASMailbox -Identity [email protected] -OwaMailboxPolicy "Prevent users from changing their photos"

To apply the OWA mailbox policy to more users, it's easiest to use the Foreach loop. In the case below, I apply PowerShell to get all members of the Microsoft 365 group chosen "Marketing" and apply the new policy to them:

$members=(Get-UnifiedGroupLinks "Marketing" -LinkType members).UserPrincipalName; Foreach ($fellow member in $members) {Gear up-CASMailbox -Identity $member -OwaMailboxPolicy "Forestall users from changing their photos"};

Once you apply the modify, yous can use the post-obit cmdlet to bank check if the right OWA mailbox policy has been practical to users:

Get-CASMailbox | FL proper noun,OwaMailboxPolicy        

This concludes changing the Outlook on the spider web mailbox policy to foreclose users from changing profile photos. Information technology should wor for all places other than SharePoint. The side by side step is to change your SharePoint Online settings.

SharePoint Online contour policy

Setting upwardly your SharePoint Online profile policy requires you to use the Microsoft 365 admin center interface.

1. Become to Microsoft 365 admin center, click Bear witness all in the left menu and choose SharePoint to access the SharePoint Online admin center.

• In the SharePoint Online admin heart, click More features, and click Open in the User profiles section.

• Go to Manage User Backdrop.

• Click Motion picture and so click Edit Policy.

In the Policy settings, clear the Permit users to edit values for this belongings checkbox, scroll down and click OK.

From now on, users should no longer be able to edit their contour photos from SharePoint. This applies to all users in your Microsoft 365 arrangement. Currently, at that place is no method to fine-tune this policy to prevent but specific users from changing their profile photos in SharePoint Online.

Block the URL that links to the photo settings

Now, this is a tricky office. Whatever user who visits the https://outlook.office.com/mail/changephoto URL will be able to change their Microsoft 365 photograph. Most solutions used to block URLs, like editing the hosts file or irresolute the DNS settings, will not piece of work for a specific URL, but for a whole domain. Blocking the whole outlook.part.com domain volition make Outlook on the web inaccessible. Also, you will need to cake this domain for mobile devices, likewise. And so, to completely prevent your users from changing their Microsoft 365 photograph, you can:

1. Employ Client Access Rules to completely block access to Outlook on the Spider web and its settings. Users will yet be able to use Outlook for their mailing needs.
2. Cake the specific URL with a firewall. This seems like the most elegant solution, merely requires a firewall with such a feature and being able to apply this firewall for all users' connections to Microsoft 365.

Changing all these settings stops users from editing their photos merely yet allows anybody to see the assigned contour images. Since users tin no longer edit their pic attribute, you can manage user photos without worrying that someone volition overwrite them.

How to manage user photos in Microsoft 365

CodeTwo User Photos is a free tool that allows you to centrally manage profile photos in Microsoft 365 for all users. If y'all're an admin, you can utilise this app afterwards preventing users from changing their profile images. It will help yous easily upload user photos to Microsoft 365, so that they will appear in SharePoint, Commutation Online, Outlook on the web, Microsoft Teams and practically any Microsoft 365-continued app and service.

What'southward more, the tool will let you lot automatically rotate and resize images, so that they always meet Microsoft 365 photo requirements.

Download it hither for complimentary

See more:

• How to add user profile photos to email signatures
• How to add user photos to Function 365 without PowerShell
• How to prevent Office 365 users from sending emails outside the arrangement?

harrisalthe1955.blogspot.com

Source: https://www.codetwo.com/admins-blog/prevent-users-from-changing-profile-photos-microsoft-365/

Share this post