Forum Discussion
How did LinkedIn get the permission to access my AAD profile?
Today I noticed that LinkedIn has been granted permission to share my “profile and connection data” on my AAD profile page. I don’t remember having authorized LinkedIn to do so.
I can manually “remove these permissions” but I’m not sure how to do that in batch for all the other users in my tenant.
Does anyone else have it or know how it got there without consent?
Hi All, I've just come across this thread.
We identified a bug in the profile user interface that incorrectly displayed a settings control for a feature that is not available. No permissions were granted. The option is not functional and there is no effect if you attempted to take action. We've rolled back the UI changes and removed the button.
- Paul CunninghamSteel Contributor
I see it too. I also see it for Azure AD accounts in my demo tenant that have no LinkedIn presence at all.
Interestingly I do not see a reciprocal permission in my LinkedIn privacy settings (i.e. I haven't explicitly allowed LinkedIn to share information with Microsoft/Office 365).
The wording suggests that it's Microsoft using LinkedIn profile info, not LinkedIn gaining access to Azure AD/Office 365 info, but still, it's an unwelcome surprise.
- Paul CunninghamSteel Contributor
I added some more thoughts here.
https://practical365.com/blog/linkedin-data-sharing-microsoft/
The wording is odd. I don't know why the permission appears in Azure AD when it seems to be saying that LinkedIn will be allowed to share data with Microsoft, not vice versa.
That said, in my blog post above I found a couple of snippets from the LinkedIn privacy policy that arguably provide consent for the sharing of our LinkedIn data with Microsoft, or at the very least that they have legitimate access to it as part of their acquisition of LinkedIn.
- Tom BatchelerMicrosoft
Hi All, I've just come across this thread.
We identified a bug in the profile user interface that incorrectly displayed a settings control for a feature that is not available. No permissions were granted. The option is not functional and there is no effect if you attempted to take action. We've rolled back the UI changes and removed the button.
It's probably the "LinkedIn contact sync" feature: https://support.office.com/en-gb/article/Manage-LinkedIn-contact-sync-in-your-organization-8097C125-8628-4453-8138-BAEC6438863F?ui=en-US&rs=en-GB&ad=GB
- Deleted
Thanks but I don’t think so. LinkedIn contact sync, as part of the organization-wide OWA mailbox policy, has always been disabled. (By the way, the article you referenced says it can be changed from the admin portal, but I couldn’t find it.)
I also checked all OAuth2 permissions that have been granted (using Get-AzureADUserOAuth2PermissionGrant) and it’s not there for any user either. The AAD profile page makes a request to https://account.activedirectory.windowsazure.com/linkedInConnectionStatus/GetAppStatus to check opt-in/opt-out status. I think Microsoft actually did something without users and admins consent.
- Chris BrownIron Contributor
I'm seeing this too. I've only had LinkedIn for a couple of weeks and have definitely never connected it to my work account - I don't even have my corporate email address in my LinkedIn profile.
Dooooooodgy.