@oliwer_sundgren 

 

correct. We have this option blocked by OWA policy but users can still access to profile in AAD and from properties tab, they are able to change or update profile pic which than reflects to all o365 services for the user. 

I understand!
Perhaps this article could be of assistance for you? There are several places a user can change their photo, for example Sharepoint and via direct link to the Changephoto URL

https://www.codetwo.com/admins-blog/prevent-users-from-changing-profile-photos-microsoft-365/

Thank you.

We have the photo upload blocks in O365 via OWA policy, In SPO, We also disabled work & email account settings on Win 10 using GPO, disabled remote PS for all users but they are still able to access it. Opening a case with Microsoft and MS PG advised that we use Conditional access to block Azure management app so no users can access the portal but that blocks other access to so did not work. the URL that users are able to upload/change pic is below. https://portal.azure.com/#view/Microsoft_AAD_UsersAndTenants/Usermanagementmenublade/~/AllUsers

We have the below disabled in Azure for non-admin users

Restrict access to Azure AD administration portal - set to YES but users can still access the above URL and can change photos from the profile - properties tab.