Microsoft Secure Tech Accelerator
Apr 03 2024, 07:00 AM - 11:00 AM (PDT)
Microsoft Tech Community
SOLVED

How did LinkedIn get the permission to access my AAD profile?

Deleted
Not applicable

Today I noticed that LinkedIn has been granted permission to share my “profile and connection data” on my AAD profile page.  I don’t remember having authorized LinkedIn to do so.

 

Permission granted without consent.png

  

 

I can manually “remove these permissions” but I’m not sure how to do that in batch for all the other users in my tenant.

 

Does anyone else have it or know how it got there without consent?

9 Replies

Thanks but I don’t think so.  LinkedIn contact sync, as part of the organization-wide OWA mailbox policy, has always been disabled.  (By the way, the article you referenced says it can be changed from the admin portal, but I couldn’t find it.)

 

I also checked all OAuth2 permissions that have been granted (using Get-AzureADUserOAuth2PermissionGrant) and it’s not there for any user either.  The AAD profile page makes a request to https://account.activedirectory.windowsazure.com/linkedInConnectionStatus/GetAppStatus to check opt-in/opt-out status.  I think Microsoft actually did something without users and admins consent.

I'm seeing this too. I've only had LinkedIn for a couple of weeks and have definitely never connected it to my work account - I don't even have my corporate email address in my LinkedIn profile.

 

 

Dooooooodgy.

I see it too. I also see it for Azure AD accounts in my demo tenant that have no LinkedIn presence at all.

 

Interestingly I do not see a reciprocal permission in my LinkedIn privacy settings (i.e. I haven't explicitly allowed LinkedIn to share information with Microsoft/Office 365).

 

The wording suggests that it's Microsoft using LinkedIn profile info, not LinkedIn gaining access to Azure AD/Office 365 info, but still, it's an unwelcome surprise.

I added some more thoughts here.

 

https://practical365.com/blog/linkedin-data-sharing-microsoft/

 

The wording is odd. I don't know why the permission appears in Azure AD when it seems to be saying that LinkedIn will be allowed to share data with Microsoft, not vice versa.

 

That said, in my blog post above I found a couple of snippets from the LinkedIn privacy policy that arguably provide consent for the sharing of our LinkedIn data with Microsoft, or at the very least that they have legitimate access to it as part of their acquisition of LinkedIn.

best response
Solution

Hi All, I've just come across this thread.

 

We identified a bug in the profile user interface that incorrectly displayed a settings control for a feature that is not available. No permissions were granted. The option is not functional and there is no effect if you attempted to take action. We've rolled back the UI changes and removed the button. 

Doesn’t seem like a simple UI mistake to me, but I’m glad it’s not functional.

I've updated my blog post with that info. Still, nobody developed that UI element, wrote the text for it, and shipped code, for a non-existent feature. Obviously something is being developed. I hope when it resurfaces there will be a lot more transparency.


@Paul Cunningham wrote:

... nobody developed that UI element, wrote the text for it, and shipped code, for a non-existent feature. 


Rather, someone obviously developed the code with the full knowledge of some managers and introduced the code into the live version so that it appeared in production. Clearly, someone knows what is happening. If not, can we then assume that any Microsoft developer can have a random thought that they'd like to do something and just go ahead and create a new option in a shipping product? 

1 best response

Accepted Solutions
best response
Solution

Hi All, I've just come across this thread.

 

We identified a bug in the profile user interface that incorrectly displayed a settings control for a feature that is not available. No permissions were granted. The option is not functional and there is no effect if you attempted to take action. We've rolled back the UI changes and removed the button. 

View solution in original post