Aug 22 2017 07:52 PM - last edited on Jan 14 2022 05:29 PM by TechCommunityAP
Today I noticed that LinkedIn has been granted permission to share my “profile and connection data” on my AAD profile page. I don’t remember having authorized LinkedIn to do so.
I can manually “remove these permissions” but I’m not sure how to do that in batch for all the other users in my tenant.
Does anyone else have it or know how it got there without consent?
Aug 23 2017 12:23 AM
It's probably the "LinkedIn contact sync" feature: https://support.office.com/en-gb/article/Manage-LinkedIn-contact-sync-in-your-organization-8097C125-...
Aug 23 2017 02:23 AM - edited Aug 23 2017 02:24 AM
Thanks but I don’t think so. LinkedIn contact sync, as part of the organization-wide OWA mailbox policy, has always been disabled. (By the way, the article you referenced says it can be changed from the admin portal, but I couldn’t find it.)
I also checked all OAuth2 permissions that have been granted (using Get-AzureADUserOAuth2PermissionGrant) and it’s not there for any user either. The AAD profile page makes a request to https://account.activedirectory.windowsazure.com/linkedInConnectionStatus/GetAppStatus to check opt-in/opt-out status. I think Microsoft actually did something without users’ and admins’ consent.
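The tenant-wide check described in the post above can be scripted. The following is an added example, not part of the original post or any Microsoft-provided script: it assumes the AzureAD PowerShell module with an existing Connect-AzureAD session, and the name filter `LinkedIn` and the output file name are illustrative choices.

```powershell
# Added example: list delegated OAuth2 permission grants for every user in the tenant.
# Assumes the AzureAD module is installed and Connect-AzureAD has already been run.
$NamePattern = 'LinkedIn'   # assumed filter; change to the application of interest
$spNames = @{}              # cache: service principal ObjectId -> DisplayName

function Resolve-SpName([string]$Id) {
    # Resolve a service principal once; deleted principals stay visible as unresolved.
    if (-not $spNames.ContainsKey($Id)) {
        try   { $spNames[$Id] = (Get-AzureADServicePrincipal -ObjectId $Id).DisplayName }
        catch { $spNames[$Id] = '<unresolved>' }
    }
    $spNames[$Id]
}

function New-GrantRow($Grant, [string]$User) {
    [pscustomobject]@{
        User        = $User
        ConsentType = $Grant.ConsentType
        Client      = Resolve-SpName $Grant.ClientId
        Resource    = Resolve-SpName $Grant.ResourceId
        Scope       = $Grant.Scope
    }
}

# Grants consented to by individual users, via the cmdlet named in the thread.
$userRows = foreach ($u in Get-AzureADUser -All $true) {
    Get-AzureADUserOAuth2PermissionGrant -ObjectId $u.ObjectId -All $true |
        ForEach-Object { New-GrantRow $_ $u.UserPrincipalName }
}

# Admin-consented grants apply to every user and do not appear per user.
$adminRows = Get-AzureADOAuth2PermissionGrant -All $true |
    Where-Object { $_.ConsentType -eq 'AllPrincipals' } |
    ForEach-Object { New-GrantRow $_ '(all users)' }

$rows = @($userRows) + @($adminRows)

# Show grants whose client or resource application matches the filter.
$rows | Where-Object { $_.Client -match $NamePattern -or $_.Resource -match $NamePattern } |
    Format-Table -AutoSize

# Keep the full inventory for review.
$rows | Export-Csv -Path .\oauth2-grants.csv -NoTypeInformation
```

An empty filtered table means no delegated grant involving a matching application exists in the directory; the CSV still lists every other grant for review.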
Aug 23 2017 06:16 PM
I'm seeing this too. I've only had LinkedIn for a couple of weeks and have definitely never connected it to my work account - I don't even have my corporate email address in my LinkedIn profile.
Dooooooodgy.
Aug 23 2017 06:59 PM
I see it too. I also see it for Azure AD accounts in my demo tenant that have no LinkedIn presence at all.
Interestingly I do not see a reciprocal permission in my LinkedIn privacy settings (i.e. I haven't explicitly allowed LinkedIn to share information with Microsoft/Office 365).
The wording suggests that it's Microsoft using LinkedIn profile info, not LinkedIn gaining access to Azure AD/Office 365 info, but still, it's an unwelcome surprise.
Aug 23 2017 07:41 PM
I added some more thoughts here.
https://practical365.com/blog/linkedin-data-sharing-microsoft/
The wording is odd. I don't know why the permission appears in Azure AD when it seems to be saying that LinkedIn will be allowed to share data with Microsoft, not vice versa.
That said, in my blog post above I found a couple of snippets from the LinkedIn privacy policy that arguably provide consent for the sharing of our LinkedIn data with Microsoft, or at the very least that they have legitimate access to it as part of their acquisition of LinkedIn.
Aug 24 2017 03:53 PM
Solution
Hi All, I've just come across this thread.
We identified a bug in the profile user interface that incorrectly displayed a settings control for a feature that is not available. No permissions were granted. The option is not functional and there is no effect if you attempted to take action. We've rolled back the UI changes and removed the button.
Aug 24 2017 04:34 PM
Aug 24 2017 05:57 PM
I've updated my blog post with that info. Still, nobody developed that UI element, wrote the text for it, and shipped code, for a non-existent feature. Obviously something is being developed. I hope when it resurfaces there will be a lot more transparency.
Aug 25 2017 06:00 AM
@Paul Cunningham wrote: ... nobody developed that UI element, wrote the text for it, and shipped code, for a non-existent feature.
Rather, someone obviously developed the code with the full knowledge of some managers and introduced the code into the live version so that it appeared in production. Clearly, someone knows what is happening. If not, can we then assume that any Microsoft developer can have a random thought that they'd like to do something and just go ahead and create a new option in a shipping product?