Yes, in Exchange 2013, users were given the ability to edit their user pictures that is stored in the LDAP for display on their profile across Microsoft’s suite of products.
Seems like a harmless function right? Microsoft is so desperate to be viewed as a ‘cool social media like product’ that users will take advantage of the customizable settings. Well, if left unchecked, the user photos quickly become a mixture of Kittens, logos, TV characters, and borderline raunchy images. No good, especially since users have NO IDEA that these images might be viewed by outside entities. Highly unprofessional!!!
So the Goal here is to allow the use of Photos that the Admin or a security person can upload into LDAP, let users view the photos, but keep users from changing the photo.
The only way I’ve found to do this is by using a mailbox policy.
Open up a powershell session on exhcange 2013 and run the following.
1st we set list the mailbox policies and set the option to enable photos to False.
2nd we apply the policy to all mailboxes.
Get-OWAMailboxPolicy | set-owamailboxpolicy -setphotoenabled:$false Get-CASMailbox -ResultSize Unlimited | Set-CASMailbox -OWAMailboxPolicy Default
To test, sign into OWA as a user and check the 2 spots where users can change photos and ensure the options to edit photos are gone.
1) Under the Photo in the main display.
2) User User’s profile options in the ‘My account’ page.
NOTE: Be aware, that the last time I updated a Cumulative Upgrade, these settings reverted back to the default behavior and I had to re-apply the mailbox policy.