BKyle-0576 asked (0 votes)

How to allow external/guest users to view profile pictures

We're using SharePoint Online as a portal for our clients, who have been invited to our Azure environment, and would like the clients to be able to see the Office 365/Outlook profile pictures of our employees. I'm using PnPjs to retrieve the photo and it works fine when our employees are logged in. They can view profile pictures of other employees. When a client is viewing the SharePoint site, PnPjs throws a 401 Unauthorized error when retrieving the picture.

I parsed the token while logged in as a test external account (using an @outlook.com email, but the clients will be using their company email) and the token has the following scopes:

User.Read

User.Read.All

User.ReadBasic.All

profile

openid

email

In Azure, our Guest User Access is set to "Guest users have limited access to properties and memberships of directory objects".

Is there something I'm missing? Or is this how it's supposed to work? Thanks.

sharepoint-dev
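
The token inspection described in the question, as an added example that is not part of the original post: it decodes an access token's payload and separates delegated scopes (the `scp` claim) from application permissions (the `roles` claim). The helper names and the sample tokens are constructed for illustration.

```javascript
// Added example: inspect (do not trust) the permission claims in an access token.
// The signature is NOT verified; this is for troubleshooting what a token carries.
// Uses Node's Buffer; in a browser, decode the segment with atob() instead.

function decodeSegment(segment) {
  // JWT segments are unpadded base64url; convert to padded standard base64.
  const b64 = segment.replace(/-/g, "+").replace(/_/g, "/");
  const padded = b64 + "=".repeat((4 - (b64.length % 4)) % 4);
  return JSON.parse(Buffer.from(padded, "base64").toString("utf8"));
}

// Hypothetical helper: returns the audience and both kinds of permission claim.
function describeGraphToken(token) {
  const parts = String(token).split(".");
  if (parts.length !== 3) throw new Error("not a compact JWT (expected 3 segments)");
  const claims = decodeSegment(parts[1]);
  // Delegated permissions: space-separated string in `scp`.
  // Application permissions: array in `roles`.
  const delegatedScopes =
    typeof claims.scp === "string" ? claims.scp.split(" ").filter(Boolean) : [];
  const appRoles = Array.isArray(claims.roles) ? claims.roles : [];
  const kind = delegatedScopes.length ? "delegated" : appRoles.length ? "application" : "none";
  return { audience: claims.aud, kind, delegatedScopes, appRoles };
}

// Builds an unsigned, constructed token so the example runs offline.
function encodeSegment(obj) {
  return Buffer.from(JSON.stringify(obj)).toString("base64")
    .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
}

// Constructed sample (not a real credential), carrying the scopes listed in the question.
const SAMPLE_TOKEN = [
  encodeSegment({ alg: "RS256", typ: "JWT" }),
  encodeSegment({
    aud: "https://graph.microsoft.com",
    scp: "User.Read User.Read.All User.ReadBasic.All profile openid email",
  }),
  "constructed-signature-placeholder",
].join(".");

console.log(describeGraphToken(SAMPLE_TOKEN));
```

A scope in `scp` shows what the client application was granted on the user's behalf; what a call returns is still limited by what the signed-in user is allowed to read in the directory.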

michev answered (1 vote)

You cannot; profile pictures are not exposed externally/without authentication.


RaytheonXie-MSFT answered (1 vote)

Hi @BKyle-0576 ,
As far as I know, there is no such function for external users to access user profiles. External users can only share with documents, data, and lists. Even the highest permission of an external user can't access the SharePoint admin center user profile either. You can refer to the following document.
https://docs.microsoft.com/en-us/microsoft-365/solutions/collaborate-in-site?view=o365-worldwide



@RaytheonXie-MSFT

Thank you for your response. I saw this Graph API article about getting permission without a user. Can I use this method in C# in an ASP.NET MVC Web API to retrieve the picture using server-side code instead of on the client via PnPjs? As you can see from the scopes in my previous comment, we have already added the User.Read.All Application permission, but I don't see anything in the documentation that says I can get the photo with that scope.



Hi @BKyle-0576 ,
It's not possible for an external user to get all users' profiles. If you want to grant User.Read.All permission, you need to rely on an administrator account. An external user can't be granted administrator permission.

BKyle-0576 (replying to RaytheonXie-MSFT):

@RaytheonXie-MSFT Are you sure it's not possible? Why does this link say that the default guest permission allows it to read photos? https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/users-default-permissions

"Read display name, email, sign-in name, photo, user principal name, and user type properties of other users and contacts"

Also, several people in this thread said it worked before and then stopped working at one point. One of the Microsoft forum employees said they were able to recreate the issue and were going to talk to the team about it. That was back in December. https://docs.microsoft.com/en-us/answers/questions/671372/unable-to-retrieve-photos-from-the-graph-api.html

"I have reproduced your problem using a guest user. I think this is an unknown error and I need to discuss it with the team."


