Commit

Update profile photo update permissions.
The docs are outdated. Both groups & user uploads work for personal accounts in MsGraph. Group updates can be executed with application token. Also listing the correct least privileged scope, newly introduced ProfilePhoto.ReadWrite.All, which only affects photo resource.
mastachon authored Jul 31, 2024
1 parent 02f09b6 commit 3e24c73
Showing 1 changed file with 7 additions and 8 deletions.
15 changes: 7 additions & 8 deletions api-reference/v1.0/api/profilephoto-update.md
Expand Up @@ -35,9 +35,9 @@ The following tables show the least privileged permission or permissions require
<!-- { "blockType": "ignored" } // Note: Removing this line will result in the permissions autogeneration tool overwriting the table. -->
|Permission type | Least privileged permissions | Higher privileged permissions |
|:--------------------|:-----------------------------------------|:------------------------------------------|
|Delegated (work or school account) | Group.ReadWrite.All | Not supported. |
|Delegated (personal Microsoft account) | Not supported. | Not supported. |
|Application | Not supported. | Not supported. |
|Delegated (work or school account) | ProfilePhoto.ReadWrite.All, Group.ReadWrite | Group.ReadWrite.All |
|Delegated (personal Microsoft account) | Group.ReadWrite | Not supported. |
|Application | ProfilePhoto.ReadWrite.All | Group.ReadWrite.All |

### To update the profile photo of a team
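
Review bot: In the two delegated rows of the group table, the new least-privileged scope is written `Group.ReadWrite`, without the `.All` suffix that the replaced row and the new higher-privileged column both use (`Group.ReadWrite.All`). Please confirm against the permissions reference that a `Group.ReadWrite` scope exists; if the name was patterned on `User.ReadWrite` from the user table, these rows should name a scope that can actually be consented to. Separately, the work or school row lists two scopes under "Least privileged permissions" with no indication of when each applies; a one-line note under the table saying which one to request would keep readers from consenting to both.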

Expand All @@ -53,14 +53,13 @@ The following tables show the least privileged permission or permissions require
<!-- { "blockType": "ignored" } // Note: Removing this line will result in the permissions autogeneration tool overwriting the table. -->
|Permission type | Least privileged permissions | Higher privileged permissions |
|:--------------------|:-----------------------------------------|:------------------------------------------|
|Delegated (work or school account) | User.ReadWrite | User.ReadWrite.All |
|Delegated (personal Microsoft account) | Not supported. | Not supported. |
|Application | User.ReadWrite.All | Not supported. |
|Delegated (work or school account) | ProfilePhoto.ReadWrite.All, User.ReadWrite | User.ReadWrite.All |
|Delegated (personal Microsoft account) | User.ReadWrite | Not supported. |
|Application | ProfilePhoto.ReadWrite.All | User.ReadWrite.All |

> [!NOTE]
>
> - An app with only application permissions cannot update a group's photo.
> - Global admin and User admin can update the photo of any user in the organization by using delegated permissions. This operation is also supported with application permissions. Updating the photo of any user in the organization requires *User.ReadWrite.All* permission. Updating the photo of the signed-in user only requires *User.ReadWrite* permission.
> - Global admin and User admin can update the photo of any user in the organization by using delegated permissions. This operation is also supported with application permissions. Updating the photo of any user in the organization requires *ProfilePhoto.ReadWrite.All* or *User.ReadWrite.All* permission. Updating the photo of the signed-in user only requires *User.ReadWrite* permission.
> - Updating a user's photo using the Microsoft Graph API is currently not supported in Azure AD B2C tenants.
## HTTP request
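
Review bot: The work or school row of the user table now lists `ProfilePhoto.ReadWrite.All, User.ReadWrite` together as least privileged, but the edited note bullet shows they differ in reach: *User.ReadWrite* covers only the signed-in user, while *ProfilePhoto.ReadWrite.All* is given as sufficient for any user in the organization. Suggest stating that distinction next to the table rather than only in the note, so that an app that only changes the caller's own photo is not steered to the tenant-wide scope. The first sentence of the edited bullet still names Global admin and User admin for the delegated case; it would help to say whether that role requirement also applies when the delegated scope is *ProfilePhoto.ReadWrite.All*. The dropped bullet about application-only apps and group photos is consistent with the new Application row in the group table.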