User photos in O365

Super Contributor



What is the 'best way' to get all the users photo "uploaded" to O365? 


Users mails are not moved/present in EXO 


  1. Looked/tried CodeTwo - but getting permission error:  " you do not have permission to change this user photo" (and I'm logged in as global admin)  
  2. A picture list in SharePoint Root Site and a PowerShell script that sets the photos - so "update" is just replacing the photo? 
  3. any Other ways? 
12 Replies
Hi Taen,

I would personally do it the second way in terms of using a script such as this

No reason to get a third party tool once you have written the script! Granted I deal mainly with SMB so it may take some time if the organisation is large - so that is probably a reason to go with option 1 if you manage to resolve it with the vendor.

Hope that helps make a decision!

Best, Chris
Hyperfish has a free photo tool, but it lets end users do their own not exactly from an admin perspective. Depends on company users and policies, but this could be an option. Their paid tool is nice for keeping profiles up to date as well and will ping people missing photos / required information and ask for updates periodically.
best response confirmed by Taen keren (Super Contributor)

Hi @Taen keren,


CodeTwo's rep over here.


Please review this installation guide: to make sure that you accepted the permissions requested by the application and that the program was allowed to be registered in Azure Active Directory of your tenant. 


Be also advised that only photos of users with an active Office 365 subscription plan (with Exchange Online) are synchronized.



Adam (CodeTwo)

@Adam Aardvark @Christopher Hoard @Taen keren @Chris Webb 


Hi All


Hope everyone is well. I have the exact opposite request. We wish to remove all profile pictures in all Office 365 services. We wish to default to initials (example NS) and prevent staff from changing their profile pictures until we get professional ones taken. Any advice?

@Navishkar Sadheo Hi, if you´re connected to both Azure Active Directory and Exchange Online (with admin permissions) you should be able to pipe the command Get-MsolUser -All | Remove-UserPhoto -Identity $_.UserPrincipalName -ClearMailboxPhotoRecord -ErrorAction SilentlyContinue.

To remove user photos, you can also use CodeTwo User Photos for Office 365. Just select the photos in the program, right-click on your selection and choose Remove photos from the shortcut menu. You can also use the Remove button in the toolbar.


Here is a video on how to manage user photos with this freeware:


When it comes to blocking users’ ability to change photos, you can use:

Get-OwaMailboxPolicy | Set-OwaMailboxPolicy -SetPhotoEnabled $false

Users won’t be able to change their profile picture from OWA. It will probably be enough for most users. They might be still able to do that from other channels, but I'm not aware of any toggle in Office 365 to change it globally.



@Adam Aardvark 


Hi Adam. Thanks so much for the reply. Will try that. How will "CodeTwo User Photos for Office 365" work in a hybrid environment thou??

codetwo is online only. I used to use a tool called directoryupdate from ithicos, it will let users update their profile and photo and if you do directorymanager you can update it for everyone else, not a bad tool set and reasonably priced for hybrid use.

I prefer Hyperfish but it only supprots user updates, no way to give an admin from such as HR to maintain the profile / photos like you can with directorymanager.

Hi @Navishkar Sadheo,


CodeTwo User Photos for Office 365 supports most hybrid configurations. Please see this user's manual for details:



@Adam Aardvark 


We've been trying to allow our HR function the ability to update user profile photos of our employees, but it seems the tool requires you to be Global Admin? :o

Can this really be true? If so, I do not understand why the tool creates an APP Reg in the tenant with User.ReadWrite.All permissions? Is the tool not supposed to use this App Reg identity to update the profile pics?

Thanks! :)


For security reasons, access to the application is limited to users who have the necessary permissions granted in Azure AD. They don’t need to have the global admin rights. Company-wide management of user photos can be delegated to other (non-admin) users or groups. See this article to learn which permissions are required:

Anyway, we know that you’re already in contact with our Customer Success Team, so they’ll help you set everything up.

@Nick_North just wondering if you were able to get CodeTwo to work and what you had to do to get it to work. We've tried everything (multiple installs/uninstalls, granting tenant-wide consent during install and in the Azure portal) but can't get it to work for anyone who isn't a Global Admin. So I wanted to see if you got it working.