241219
Restrict changing photo:
https://learn.microsoft.com/en-us/entra/fundamentals/whats-new#public-preview---updating-profile-photo-in-myaccount
https://office365itpros.com/2024/09/16/photo-update-settings-policy/
https://www.michev.info/blog/post/6196/how-to-control-profile-photo-updates-in-microsoft-365-via-the-photoupdatesettings-control
Connect-MgGraph -Scopes "PeopleSettings.ReadWrite.all"
$Uri = "https://graph.microsoft.com/beta/admin/people/photoupdatesettings"
$Settings = Invoke-MgGraphrequest -Uri $Uri -Method Get
$Settings
# Define the request body
# User Admin: fe930be7-5e62-47db-91af-98c3a49a38b1
# Global Admin: 62e90394-69f5-4237-9190-012177145e10
# To rollback, leave the values blank for both source and allowedRoles (ie "".)
$body = @{
source = "cloud"
allowedRoles = @("fe930be7-5e62-47db-91af-98c3a49a38b1", "62e90394-69f5-4237-9190-012177145e10")
}
# Convert to JSON
$BodyJson = $body |ConvertTo-Json
# Send the PATCH request with the correct headers
$Settings = Invoke-MgGraphRequest -Uri $Uri -Method PATCH -Body $BodyJson -Headers @{ "Content-Type" = "application/json" }
OWA
Get-OwaMailboxPolicy |fl name,SetPhotoEnabled
Set-OwaMailboxPolicy "OwaMailboxPolicy-Default" -SetPhotoEnabled $false
SHAREPOINT:
https://tenantishere-admin.sharepoint.com > MORE-FEATURES > USER-PROFILES > OPEN
MANAGE-USER-PROPERTIES (not PROFILES)
PICTURES > EDIT
UNCHECK "Allow users to edit values for this property".