Here’s a preview of the new Sender Photo feature that is enabled by default for all Outlook Live and Exchange Online users after the December 2011 Service Update. We’ve included some guidance on how to configure Sender Photo and how to disable it (in case a school requires that it be disabled).
If you’ve not yet received the update, then please know that it is coming soon. The updates should be completed by April 2012.
For additional information, please see Service Updates for Office 365 for enterprises and education.
To confirm the current configuration, Connect Windows PowerShell to the Service and run the following Get-OwaMailboxPolicy command. The results will be slightly different for Outlook Live or Exchange Online.
View Sender Photo Settings in Outlook Live (Live@edu)
Get-OwaMailboxPolicy | FL Name,DisplayPhotosEnabled,SetPhotoEnabled,SetPhotoURL
View Sender Photo Settings in Exchange Online (Office 365 for education)
The DisplayPhotosEnabled, SetPhotoEnabled, and SetPhotoURL attributes make up part of an OWA Mailbox Policy. An OWA Mailbox Policy is assigned to each user mailbox.
In Outlook Live, a user mailbox will have either OwaMailboxPolicy-DefaultMailboxPlan or OwaMailboxPolicy-GalDisabledMailboxPlan. The OWA Mailbox Policy is set on the mailbox at the time of creation and corresponds to the original Mailbox Plan, e.g. DefaultMailboxPlan or GalDisabledMailboxPlan.
In Exchange Online, a user mailbox may have OwaMailboxPolicy-Default or may have a custom OWA Mailbox Policy. Exchange Online Administrators can create new policies using the New-OwaMailboxPolicy cmdlet and can assign policies to user mailboxes using the Set-CASMailbox cmdlet.
An Outlook Live or Exchange Online Administrator can restrict the Sender Photo in OWA feature:
Disable Sender Photo in OWA on Outlook Live (Live@edu)
With Outlook Live, there are two OWA mailbox policies, OwaMailboxPolicy-DefaultMailboxPlan and OwaMailboxPolicy-GalDisabledMailboxPlan.
An Outlook Live administrator can change the settings of these existing OWA mailbox policies with the Set-OwaMailboxPolicy cmdlet. However, an Outlook Live administrator cannot create new policies with the New-OwaMailboxPolicy cmdlet and cannot assign a different policy to an existing user mailbox with the Set-CASMailbox cmdlet.
What does this mean? An Outlook Live admin is limited to using the two built-in policies and cannot change the existing policy assigned to a user mailbox. If a mailbox is created using the DefaultMailboxPlan and is later changed to the GalDisabledMailboxPlan, the mailbox may still have the OwaMailboxPolicy-DefaultMailboxPlan OWA mailbox policy assigned to it.
The following Remote PowerShell commands disable (for all mailbox-enabled users) the ability to change the picture and the ability to view Sender Photos in OWA.
The following Remote PowerShell commands enable (for some mailbox-enabled users) the ability to change the picture and the ability to view Sender Photos in OWA. They also disable Sender Photo for mailboxes with the OwaMailboxPolicy-GalDisabledMailboxPlan assigned to the mailbox.
Disable Sender Photo in OWA on Exchange Online (Office 365 for education)
An Exchange Online administrator can change the settings of this existing OWA mailbox policy with the Set-OwaMailboxPolicy cmdlet. And, an Exchange Online administrator can create new policies with the New-OwaMailboxPolicy cmdlet and can assign a different policy to an existing user mailbox with the Set-CASMailbox cmdlet.
What does this mean? An Exchange Online admin could create multiple custom policies and apply a different policy to multiple subsets of users. NOTE: While this does allow for some additional flexibility, it can be more difficult to manage over time.
The following Remote PowerShell commands disable (for all mailbox-enabled users) the ability to change the picture and the ability to view Sender Photos in OWA (assumes there aren’t already any custom OWA mailbox policies in use).
The following Remote PowerShell commands enable (for some mailbox-enabled users) the ability to change the picture and the ability to view Sender Photos in OWA by creating a new OWA mailbox policy and assigning it to user mailboxes. They also disable Sender Photo for mailboxes with the OwaMailboxPolicy-GalDisabledMailboxPlan assigned to the mailbox.
For additional information, please see Create and Assign Outlook Web App Mailbox Policies in Office 365.
# Create a new policy.
New-OwaMailboxPolicy -Name OwaMailboxPolicy-Unrestricted
# Configure the policies.
Set-OwaMailboxPolicy -Identity OwaMailboxPolicy-Default -DisplayPhotosEnabled $false -SetPhotoEnabled $false
Set-OwaMailboxPolicy -Identity OwaMailboxPolicy-Unrestricted -DisplayPhotosEnabled $true -SetPhotoEnabled $true
# Assign the new policy.
Set-CASMailbox -Identity email@example.com -OwaMailboxPolicy OwaMailboxPolicy-Unrestricted
Set-CASMailbox -Identity firstname.lastname@example.org -OwaMailboxPolicy OwaMailboxPolicy-Unrestricted
NOTE: You may receive an error message while creating the first custom policy, e.g. “This operation is not allowed for the organization with disabled customizations.” For additional information, please see Enable-OrganizationCustomization.
Prior to configuring the Sender Photo feature, it may be useful to generate some reports on the current status of the environment.
For example, an administrator might ask some basic questions, e.g. “If I enable Sender Photo for an OWA mailbox plan, what users will have Sender Photo enabled?” or “What users have already uploaded Sender Photos?”
View the OWA mailbox policy assigned to user mailboxes
The following Remote PowerShell commands will return the OWA mailbox policy that is currently assigned to user mailboxes that begin with the letters ‘a’, ‘b’, ‘c’ and ‘d’.
View the Picture status of user mailboxes
The following Remote PowerShell commands will help determine whether or not users have a Sender Photo. It lists the HasPicture property of all mailboxes that begin with the letters ‘a’, ‘b’, ‘c’ and ‘d’.
Questions about the previous PowerShell commands
Questions: “Why are we only reporting on mailboxes that begin with the letters ‘a’, ‘b’, ‘c’ and ‘d’? Why not use a pipeline and get ALL mailboxes at the same time?”
Example with Pipelining:
Get-Recipient -RecipientType UserMailbox -ResultSize unlimited | Get-CASMailbox | Select Name,PrimarySmtpAddress,OwaMailboxPolicy
Get-Mailbox -ResultSize unlimited | Select Name,PrimarySmtpAddress,HasPicture
Answer: Outlook Live and Exchange Online tenants (especially large tenants) will experience throttling and/or memory issues in PowerShell when piping large collections, lists or arrays. Using Filter to add a smaller collection of objects to a variable and using a foreach loop to execute a small script block is more efficient.
Question: “Doesn’t this mean that I will have to execute multiple commands in order to get the results for ALL mailboxes?”
Answer: Maybe. But the overall job may complete much faster this way.
Question: “Isn’t there a better way?”
Answer: Absolutely. One “better way” might be to create a script that runs the smaller batches in a specific order and exports the results to multiple CSV files, e.g. AThruD.csv, EThruH.csv, IThruL.csv. Another “better way” might be to open up multiple PowerShell sessions and run a different batch in each session. Or use Import-CSV instead of Get-Recipient/Get-Mailbox (requires a CSV file of mailbox Identities). Or…
Do you have a “better way” to generate reports with PowerShell? We’d love to hear it! Leave us a Comment below.
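One way to script the batch approach from the answers above, producing one CSV per letter range with both the assigned OWA mailbox policy and the HasPicture status. This is an added example, not code from the original post; the letter ranges, the C:\Reports folder and the lookup by primary SMTP address are assumptions, and it expects an open Remote PowerShell session to the service.

```powershell
# Added example (not from the original post).
# Assumptions: an open Remote PowerShell session, an existing C:\Reports folder,
# and mailbox names that start with a letter (other names are not covered here).
$batches   = 'abcd', 'efgh', 'ijkl', 'mnop', 'qrst', 'uvwxyz'
$outFolder = 'C:\Reports'

foreach ($batch in $batches) {
    $rows = @()

    foreach ($letter in $batch.ToCharArray()) {
        # Filter on the server so only a small collection is held in the variable.
        $mailboxes = Get-Mailbox -ResultSize unlimited -Filter "Name -like '$letter*'"

        foreach ($mbx in $mailboxes) {
            # One small call per mailbox instead of piping the whole collection.
            $cas = Get-CASMailbox -Identity "$($mbx.PrimarySmtpAddress)"

            $rows += New-Object PSObject -Property @{
                Name               = $mbx.Name
                PrimarySmtpAddress = "$($mbx.PrimarySmtpAddress)"
                OwaMailboxPolicy   = "$($cas.OwaMailboxPolicy)"
                HasPicture         = $mbx.HasPicture
            }
        }
    }

    # File names follow the pattern suggested above, e.g. AThruD.csv.
    $first = $batch.Substring(0, 1).ToUpper()
    $last  = $batch.Substring($batch.Length - 1).ToUpper()
    $path  = Join-Path $outFolder ('{0}Thru{1}.csv' -f $first, $last)

    $rows |
        Select-Object Name, PrimarySmtpAddress, OwaMailboxPolicy, HasPicture |
        Export-Csv -Path $path -NoTypeInformation

    Write-Host "$($rows.Count) mailboxes written to $path"
}
```

Comparing the OwaMailboxPolicy column with the output of Get-OwaMailboxPolicy shows which users would see Sender Photos if a given policy were enabled.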
With DisplayPhotosEnabled $true and SetPhotoEnabled $true, an Outlook Live or Exchange Online mailbox-enabled user can add, change, and remove an image in Outlook Web App by selecting “Change Picture” from the menu in upper-right corner of OWA.
If the SetPhotoURL parameter is set to $null in the OWA mailbox policy assigned to the user’s mailbox (this is the default), then the user will see the following “Change Picture” dialog box.
For Exchange Online tenants, if the SetPhotoURL parameter is set to https://portal.microsoftonline.com/EditProfile.aspx, the user will be redirected to the “My profile” dialog in the Office 365 Portal. According to this Help article, the My profile picture “will appear in all services that display a photo.”
In our testing, the My profile pictures are not currently sync’ing from the Office 365 Portal to Exchange Online. Coming soon?
If a school uses directory synchronization, e.g. OLSync or DirSync, the Sender Photo can be sync’d from on-premises Active Directory. The photo stored in the thumbnailPhoto AD attribute is “pushed” to Outlook Live or Exchange Online. This allows for centralized management of Sender Photos from Active Directory.
In this scenario, the user or admin requires a method to set the photo in AD.
One recommendation is to deploy an Internet-facing website that allows a user to set one’s photo in on-premises AD. The URL for this website can be added to the OWA mailbox policy using the SetPhotoURL parameter. The website will set the photo in on-premises AD, and OLSync or DirSync will synchronize the photo to Outlook Live or Exchange Online.
If an Internet-facing website is not an option, there are additional ways to add a user’s photo to your on-premises AD.
A quick search on Bing for ‘thumbnailPhoto AD’ (or something similar) should return many options, e.g. third-party tools and various scripts.
The following Windows PowerShell commands will set a user’s photo in on-premises AD using the ActiveDirectory module available on Windows Server 2008 R2. This script could be slightly modified to add user photos in bulk.
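A bulk version of that approach, written as an added example rather than the original post's script, with checks on each file before anything is written to the directory. The C:\Photos folder, the `<sAMAccountName>.jpg` naming convention and the 10 KB size cap are assumptions; adjust the cap to whatever your schema and sync configuration allow.

```powershell
# Added example (not from the original post).
# Assumptions: photos live in C:\Photos, each file is named <sAMAccountName>.jpg,
# and 10 KB is the size cap you want to enforce.
Import-Module ActiveDirectory

$photoFolder = 'C:\Photos'
$maxBytes    = 10KB

foreach ($file in Get-ChildItem -Path $photoFolder -Filter *.jpg) {
    $sam = $file.BaseName

    # The file name ends up inside an AD filter string, so accept only plain account names.
    if ($sam -notmatch '^[A-Za-z0-9._-]+$') {
        Write-Warning "$($file.Name): unexpected characters in file name, skipped"
        continue
    }

    $bytes = [System.IO.File]::ReadAllBytes($file.FullName)

    # JPEG files start with the bytes FF D8 FF; reject renamed files of other types.
    if ($bytes.Length -lt 3 -or $bytes[0] -ne 0xFF -or $bytes[1] -ne 0xD8 -or $bytes[2] -ne 0xFF) {
        Write-Warning "$($file.Name): not a JPEG, skipped"
        continue
    }
    if ($bytes.Length -gt $maxBytes) {
        Write-Warning "$($file.Name): $($bytes.Length) bytes exceeds the cap, skipped"
        continue
    }

    # Resolve the account first so a mistyped file name never touches another object.
    $user = Get-ADUser -Filter "sAMAccountName -eq '$sam'"
    if (-not $user) {
        Write-Warning "${sam}: no matching AD user, skipped"
        continue
    }

    # Write the photo; directory synchronization picks it up from thumbnailPhoto.
    Set-ADUser -Identity $user -Replace @{ thumbnailPhoto = $bytes }
    Write-Host "${sam}: thumbnailPhoto set ($($bytes.Length) bytes)"
}
```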
NOTE: Sync’ing photos with OLSync is not configured by default. It requires changes to the OLSync Hosted MA. The changes are relatively minor. Basically, create an export flow for mailboxes in Configure Attribute Flow of the Hosted MA, e.g. Picture (Hosted) <— thumbnailPhoto (MV).
There is a little bit more to it, so we’ll update this post when we have some screenshots. In the meantime, you can Contact Us for additional information.
Thanks for joining us today!
How do individual users prevent Sender Photos from appearing for all users in OWA?
In the OnPremise MA, go to Select Attributes, click Show All, and check to see that thumbnailPhoto is selected.
If thumbnailPhoto is not selected, then select it.
In Configure Attribute Flow, select the Data source object type User (or expand the Object Type: user).
Scroll down until you find the attribute named thumbnailPhoto.
If it doesn’t already exist, create a new Direct Import attribute flow for (OnPremise) thumbnailphoto (Metaverse) thumbnailPhoto