Update profilephoto

Namespace: microsoft.graph


APIs under the /beta version in Microsoft Graph are subject to change. Use of these APIs in production applications is not supported.

Update the photo for any user in the tenant including the signed-in user, or the specified group or contact. Since there is currently a limit of 8MB on the total size of each REST request, this limits the size of the photo you can add to under 8MB.

Use only PUT for this operation in the beta version.

Note: When updating the user photo, this operation first attempts to update the photo in Microsoft 365. If that fails (due to the user not having a mailbox), this API will attempt to update the photo in Azure Active Directory.


One of the following permissions is required to call this API. To learn more, including how to choose permissions, see Permissions.

Permission type Permissions (from least to most privileged)
Delegated (work or school account) Profile photo of the signed-in user:
User.ReadWrite, User.ReadWrite.All

For group resource:

For contact resource:
Delegated (personal Microsoft account) Not supported.
Application For user resource:

For group resource:

For contact resource:

Note To update the photo of any user in the organization, your app must have the User.ReadWrite.All application permission and call this API under its own identity, not on behalf of a user. To learn more, see get access without a signed-in user. Updating the photo of the signed-in user only requires User.ReadWrite permission.

Note: There is currently a known issue with accessing group photos using application permissions.

HTTP request

PUT /me/photo/$value
PUT /users/{id | userPrincipalName}/photo/$value
PUT /groups/{id}/photo/$value
PUT /me/contacts/{id}/photo/$value
PUT /users/{id | userPrincipalName}/contacts/{id}/photo/$value
PUT /me/contactfolders/{contactFolderId}/contacts/{id}/photo/$value
PUT /users/{id | userPrincipalName}/contactfolders/{contactFolderId}/contacts/{id}/photo/$value

Request headers

Header Value
Authorization Bearer {token}. Required.
Content-Type image/jpeg. Required.

Request body

In the request body, include the binary data of the photo in the request body.


If successful, this method returns a 200 OK response code.



Here is an example of the request.

PUT https://graph.microsoft.com/beta/me/photo/$value
Content-type: image/jpeg

Binary data for the image


Here is an example of the response. Note: The response object shown here may be truncated for brevity. All of the properties will be returned from an actual call.

HTTP/1.1 200 OK