Creating a Picture Policy to use with Office365

With Office365 you can have profile pictures, and this setting is enabled by default. In larger organizations you may not want this policy enabled or have a customized policy for different departments. Here’s what I had to do to disable the picture upload capability by default and use powershell to update it for individuals by using a customized policy.

Let’s get started.

Connect to Office365 from Powershell:

Import-Module MSOnline
$O365Cred = Get-Credential
$O365Session = New-PSSession –ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell -Credential $O365Cred -Authentication Basic -AllowRedirection
Import-PSSession $O365Session
Connect-MsolService –Credential $O365Cred

Check if you have any existing policies that allow photos to be enabled and displayed:

#Check which the default policy regarding the photo
Get-OWAMailboxPolicy | FL *Photo*

Result:

2016-01-18_15-49-04

Let’s create a new policy:

#Create a New OWA Policy
New-OWAMailboxPolicy –Name OWAUsersPicPolicy

Check the setting for the newly created policy:

#Check the setting for the newly created Policy
Get-OWAMailboxPolicy OWAUsersPicPolicy | FL *Photo*

Result:

2016-01-18_15-59-07

We need to make sure that users using this new policy are the only one that can upload their picture via the Office365 Portal.

#Set the Policy setting to have photo changing feature enabled
Set-OwaMailboxPolicy OWAUsersPicPolicy -SetPhotoEnabled $True

Set the default policy to restrict the capability to upload pictures:

#Set the default OWA policy to not allow profile pics
Set-OwaMailboxPolicy Owamailboxpolicy-default -SetPhotoEnabled $False

Check for how many policies you have now:

#Get OWA Policies (Should see two policies now)
Get-OWAMailboxPolicy | FL Name

Result:

2016-01-18_15-56-43

Assign the new policy to admins:

#Assigning the newly created picture policy to the admins in the organization.
Set-CASMailbox -Identity "[email protected] -OwaMailboxPolicy OWAUsersPicPolicy

Normally you would never need this but still depending on your requirements if you wanted to apply the new policy (just change the policy name from the one list to the new one you created) or revert everything back to the default policy:

#Assign all users in the organization the default policy (Normally you will not have to do this)
Get-Mailbox -ResultSize Unlimited | Set-CASMailbox  -OWAMailboxPolicy Owamailboxpolicy-default

Check the policy against users to see what they are using:

#Check the policy against one of the users
Get-CASMailbox -Identity [email protected] | FL *OWA*

2016-01-18_16-17-44

You are done.

Now each user with the new policy will be able to upload their profile pics and users with the default policy will not be able to upload their pictures.

Picture dimensions:

I have used 96×96 based on the MSDN forum in the past but noticed a lot of pixelation in the contact cards. I was able to get 280 x 280 resolution to get a nice resolution profile pic.