With Office365 you can have profile pictures, and this setting is enabled by default. In larger organizations you may not want this policy enabled or have a customized policy for different departments. Here’s what I had to do to disable the picture upload capability by default and use powershell to update it for individuals by using a customized policy.
# Office 365 and Picture/Photo
$force = $true; $force = $false;
$email = 'abc@contso.ae'
$email = 'xyz@contso.ae'
CLS
Function ConvertImage-ToBase64String($file) {
#Convert Image to Base64
$image = [System.Drawing.Image]::FromFile($file)
$ms = New-Object IO.MemoryStream
$image.Save($ms, "png")
$imageBytes = $ms.ToArray()
$base64String = [Convert]::ToBase64String($imageBytes)
}
Function ConvertImage-FromBase64String($base64String) {
#Convert Base64 to Image
$imageBytes = [Convert]::FromBase64String($base64String);
$ms = New-Object IO.MemoryStream($imageBytes, 0, $imageBytes.Length);
$ms.Write($imageBytes, 0, $imageBytes.Length);
return [System.Drawing.Image]::FromStream($ms, $true);
}
Function ConvertImage-FromByteArray($imageBytes) {
#Convert Base64 to Image
#$base64String = [Convert]::ToBase64String($imageBytes)
#$imageBytes = [Convert]::FromBase64String($base64String);
$ms = New-Object IO.MemoryStream($imageBytes, 0, $imageBytes.Length);
$ms.Write($imageBytes, 0, $imageBytes.Length);
return [System.Drawing.Image]::FromStream($ms, $true);
}
<#
1 - Connect to your account (https://technet.microsoft.com/en-us/library/jj984289%28v=exchg.150%29.aspx)
#>
if($o365Session -eq $null -or $force) {
#$username = "<admin username>"
#$password = cat C:\tmp\securestring.txt | convertto-securestring
#$o365Cred = New-Object -TypeName System.Management.Automation.PSCredential #-ArgumentList $username, $password
$o365Cred = Get-Credential -Message "Enter your Office 365 admin credentials"
$o365Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri "https://ps.outlook.com/powershell" -Credential $o365Cred -Authentication Basic -AllowRedirection -Name "Exchange Online"
Import-PSSession $o365Session -AllowClobber
Connect-MsolService -credential $o365Cred
}
<#
2 - Import the user photo. I do this on a case by case basis, as we have a personal profile picture per person.
# >
$photo = ([Byte[]] $(Get-Content -Path C:\tmp\logo.jpg -Encoding Byte -ReadCount 0))
Set-UserPhoto -Identity <username> -PictureData $photo
#>
#Set-UserPhoto "John Example" -PictureData ([System.IO.File]::ReadAllBytes( "C:\John.Example.jpg" )) –Confirm:$false
$UserPhoto = $null;
$UserPhoto = (Get-Mailbox -Identity $email | Get-UserPhoto -ErrorAction SilentlyContinue);
if( $UserPhoto -ne $null ) {
$tmp = [IO.Path]::GetTempPath() + "$($UserPhoto.Identity).jpg"
$image = ConvertImage-FromByteArray ($UserPhoto.PictureData);
$image.Save($tmp); [Diagnostics.Process]::Start($tmp)
Write-Host " Picture saved to $tmp " -ForegroundColor DarkYellow -BackgroundColor DarkGreen;
} else { Write-Host ' No Picture for this user ' -ForegroundColor Red -BackgroundColor DarkYellow; }
<#
4 - Remove the user photo.
# >
Get-Mailbox -Identity $email | Remove-UserPhoto -Confirm:$false;
#>
<#
5 - Prevent users to change profil photo
# >
# When you run below, an Outlook Web App Policy by using -Identity parameter, it disables the feature for all Outlook Web App Policies in your tenant. Including the default Outlook Web Access Policy.
Get-OwaMailboxPolicy | Set-OwaMailboxPolicy -SetPhotoEnabled $false
# If you want to disable the feature for a specific set of users, then you can create a new Outlook Web App Policy, assign it to those who you wish to disable this feature, and then run the command as below.
Get-OwaMailboxPolicy -Identity "OWAPolicy_Name" | Set-OwaMailboxPolicy -SetPhotoEnabled $false
#>
# Creating a Picture Policy to use with Office365 (https://www.mowasay.com/2016/01/office365-creating-a-picture-policy-to-use-with-office365/)
