Update 1/20/2022: We have edited this post for clarity based on customer feedback.
Over the last few years, we have invested heavily in Microsoft Graph to enable developers to access the rich data ...
Updated Jan 20, 2022
Version 5.0
Blog Post
The_Exchange_Team Set-UserPhoto was a one line command that simplified the overly complex photo sync process. I've spent hours trying to get the GraphAPI to work for this in Powershell and keep getting 401 errors. [30,1: Invoke-RestMethod] The remote server returned an error: (401) Unauthorized.
What permissions are needed for the App Registration and the Powershell connection scope?
Connect-MgGraph -Scopes "User.ReadWrite.All"
$AzAppSecret = '###########################'
$AzAppId = '###########################'
$AzTenantId = '#######################'
# Request token
$tokenRequestBody = @{
Grant_Type = "client_credentials"
Scope = "https://graph.microsoft.com/.default"
Client_Id = $AzAppID
Client_Secret = $AzAppSecret
}
$tokenRequestUri = [String]::Format('https://login.microsoftonline.com/{0}/oauth2/v2.0/token', $AzTenantId)
$tokenResponse = Invoke-RestMethod -Uri $tokenRequestUri -Method 'POST' -Body $tokenRequestBody -ErrorAction Stop
$accessToken = $tokenResponse.access_token
$AzUserUPN = 'username@example.com'
$AzUserImage = 'S:\samplepic.jpg'
$uri = [String]::Format('https://graph.microsoft.com/v1.0/users/{0}/photo/$value', $AzUserUPN)
$Headers = @{
'Authorization' = [String]::Format('Bearer {0}', $accessToken)
'Content-Type' = 'image/jpeg'
}
Invoke-RestMethod -Method Put -Uri $uri -InFile $AzUserImage -Headers $Headers