Adding a Default Photo to Azure Active Directory Guest User Accounts

Guest Accounts Deserve to be Highlighted

Last year I wrote about how to add photos to the Azure Active Directory accounts created for guest users to make contributions from those users in apps like Teams more attractive. The article prompted a reader to ask if it was possible to set a default photo for guest accounts to use instead of the two-initial logo (for example, TR for Tony Redmond) that apps otherwise display.

The answer is “yes” if you’re willing to use PowerShell and run the Set-AzureADUserThumbnailPhoto cmdlet to add a default photo to all guest accounts. Let’s see how it’s done.

Visual Warning for Collaboration

The idea is to create a visual clue for tenant users that a person they communicate with in apps like Office 365 Groups, Planner, and Teams is not part of the company. In effect, we want to highlight the need for our users to be careful when sharing information with guests in case something confidential leaks.

Thinking About a Script

In approaching the problem, it’s important not to overwrite photos that might already exist for guest accounts. If a photo has been uploaded for a guest account, it’s likely there for a good reason and we should leave it alone unless told otherwise.

The outline for our code is clear. Find guest accounts in the tenant and check each to see if it already has a photo. If not, update the account with the default photo. Here’s the PowerShell script that I came up with:

# Find all guest accounts in the tenant
$Guests = Get-AzureADUser -Filter "UserType eq 'Guest'" -All $True
ForEach ($Guest in $Guests) {
   # Does a photo exist? An error from the lookup is taken to mean that no photo is present
   $PhotoExists = $Null
   Try {
      $PhotoExists = Get-AzureADUserThumbnailPhoto -ObjectId $Guest.ObjectId -ErrorAction Stop
   }
   Catch {
      # Nope - so update account with default picture
      Write-Host "Photo does not exist for" $Guest.DisplayName "- updating with default guest logo"
      Set-AzureADUserThumbnailPhoto -ObjectId $Guest.ObjectId -FilePath C:\Temp\DefaultGuestPicture.jpg
   }
}

The Effect of a Default Photo

The script doesn’t take long to run. The longest part in the process is the background synchronization between Azure Active Directory and the Office 365 apps, which can take anything from a few minutes to many hours depending on service load and workcycle scheduling. Be patient and the default photos will make their way to the apps and start to appear.

Figure 1 shows the intended effect. In this case, I have an Office 365 Group used by 50 MVPs, all of whom are guests in my tenant. Photos are already present for some guests and now we see that OWA displays the default photo for the others. It would be nicer to have individual photos for each guest, but at least I now have a nice visual indicator of a guest’s status (everyone trusts an MVP, right?).

Figure 1: How a default photo for guest accounts shows up in OWA (image credit: Tony Redmond)

Ongoing Maintenance

Running the script is a one-time operation that updates the guest accounts that don’t already have a photo. To remain effective, you should run the script every week or so to find and update newly added guest accounts.
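
A variant of the script suited to the recurring run, added here as an example and not the author's own code: it writes every guest's photo status to a CSV report, changes nothing unless -Apply is given, and skips any account whose photo lookup fails for a reason other than a missing photo, so an existing photo is not overwritten after a transient error. The report path, the -Apply switch and the Request_ResourceNotFound match string are assumptions; confirm the error text the AzureAD module returns in your tenant.

```powershell
# Added example, not the article's script. Assumes the AzureAD module is loaded
# and Connect-AzureAD has already been run in this session.
param(
    [string]$PhotoPath  = 'C:\Temp\DefaultGuestPicture.jpg',
    [string]$ReportPath = 'C:\Temp\GuestPhotoReport.csv',   # hypothetical report location
    [switch]$Apply                                          # without -Apply nothing is changed
)

# Assumption: text the module returns when an account has no photo; verify in your tenant.
$NoPhotoPattern = 'Request_ResourceNotFound'

if (-not (Test-Path -Path $PhotoPath -PathType Leaf)) {
    throw "Default photo not found at $PhotoPath"
}

$Guests = Get-AzureADUser -Filter "UserType eq 'Guest'" -All $True
$Report = foreach ($Guest in $Guests) {
    $Status = 'HasPhoto'
    try {
        $null = Get-AzureADUserThumbnailPhoto -ObjectId $Guest.ObjectId -ErrorAction Stop
    }
    catch {
        if ($_.Exception.Message -match $NoPhotoPattern) {
            $Status = 'NoPhoto'
        }
        else {
            # Throttling, permissions, network: a photo may exist, so leave the account alone
            $Status = 'LookupFailed'
        }
    }

    if ($Status -eq 'NoPhoto' -and $Apply) {
        try {
            Set-AzureADUserThumbnailPhoto -ObjectId $Guest.ObjectId -FilePath $PhotoPath -ErrorAction Stop
            $Status = 'DefaultApplied'
        }
        catch { $Status = 'UpdateFailed' }
    }

    [pscustomobject]@{
        DisplayName       = $Guest.DisplayName
        UserPrincipalName = $Guest.UserPrincipalName
        ObjectId          = $Guest.ObjectId
        Status            = $Status
    }
}

$Report | Export-Csv -Path $ReportPath -NoTypeInformation
$Report | Group-Object -Property Status | Select-Object Name, Count
```

Accounts reported as LookupFailed or UpdateFailed are the ones to review by hand before the next scheduled run.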

I’m always amazed when administrators tell me that they don’t like PowerShell and won’t use it to help manage Office 365. Scripts fill in the gaps left by Microsoft or improve functionality to make life just a little easier, as in this case.



Tony Redmond has written thousands of articles about Microsoft technology since 1996. He covers Office 365 and associated technologies for and is also the lead author for the Office 365 for IT Pros eBook, updated monthly to keep pace with change in the cloud.