REST API to change Azure Active Directory user profile picture

Question

I am using https://login.microsoftonline.com/emailid/oauth2/v2.0/token to get access token for Graph API with request form parameters

  {"username", email },
            { "password", password },
            { "grant_type", "password" },
            { "client_id", ClientId },
            { "scope", scope },
            { "response_type", "id_token" }

I am getting access token and after that I am hitting this API:

https://graph.microsoft.com/v1.0/users/emailid/photo/$value

Earlier, I was getting response

{
  "error": {
    "code": "OrganizationFromTenantGuidNotFound",
    "message": "The tenant for tenant guid 'tenant id' does not exist.",
    "innerError": {
      "requestId": "b3ea4878-1234-49be-bc66-c49aa224f9e6",
      "date": "2020-08-23T07:28:21",
      "request-id": "b3ea4878-1234-49be-bc66-c49aa224f9e6"
    }
  }
}

After that I logged in, in the MS Teams app, and retried, the response changed to

{
  "error": {
    "code": "ResourceNotFound",
    "message": "Resource could not be discovered.",
    "innerError": {
      "date": "2020-08-23T11:03:49",
      "request-id": "c675a441-1234-4c29-9de0-7a5530b2fa53"
    }
  }
}

I tried invoking the REST API in the Graph API Explorer and Postman, and the result is the same.

Then, I have tried to use outlook API. https://outlook.office.com/api/v2.0/me/photo/$value and the response was

{
    "error": {
        "code": "MailboxNotEnabledForRESTAPI",
        "message": "REST API is not yet supported for this mailbox."
    }
}

Mailbox is not enabled for the user, so the message is understood. But I want to know, Is there any way to change profile picture of the user in azure active directory. And the user is using only ms teams. If I change picture from MS Teams app, than it reflects everywhere, like teams app, ad users page, or in Microsoft account settings page. I want something like that, to change picture from the code and it reflects the change everywhere.

Thanks

Answer 1

To call the 2 Microsoft Graph endpoints https://graph.microsoft.com/v1.0/users/emailid/photo/$value and https://outlook.office.com/api/v2.0/me/photo/$value , you need an O365 subscription and Exchange Online license.

Looks like you didn't have them (maybe you have an O365 subscription but not Exchange Online license) so you get the errors. Therefore you cannot use Microsoft Graph API to update the picture.

The MS Teams and Azure Portal are using other internal APIs which are not exposed currently to update the picture.

Besides based on my test, even if I have an O365 subscription with Exchange Online license when I update the user profile picture using Microsoft Graph, it only reflects on the O365 portal and AAD portal, it won't change the user profile picture in MS Teams. But when I change picture from MS Teams app, than it reflects everywhere as you mentioned.

I'm not sure if it will take effect on Microsoft Teams after a while if I use Microsoft Graph API. But the modification of the picture from the Microsoft Teams app takes effect immediately for other places.

I also tried to use Azure AD Graph API to update it. But although it returns 204 No Content , the picture is not changed anywhere (O365 and Azure AD).

The only official exposed API should be Microsoft Graph API. But as I explained, it also has some limitations.

If you are interested in the internal API which MS Teams uses, you can use Fiddler4 to capture it for more investigation.