Confusion with Entra ID tenant and Microsoft Account

Karl Gardner 195 Reputation points
2024-07-18T01:33:34.3133333+00:00

Hello,

I went through the following training module: https://learn.microsoft.com/en-us/training/modules/msgraph-user-photo-information/1-introduction

and it seems to be working with the profile picture I put in my Entra ID tenant (with global administator kgardner3300_gmail.com#EXT#@kgardner3300gmail.onmicrosoft.com)

User's image

and running the node.js application with local host: User's image

However, I expected to get back a different profile photo that I had in my original Microsoft account that I used to create the azure account (******@gmail.com):User's image

Would this not be the same account? Seems like the ******@gmail.com may be my personal microsoft 365 account that is not associated with the Entra ID tenant?

Thanks!

Microsoft Security | Microsoft Entra | Microsoft Entra ID
Microsoft Security | Microsoft Graph
0 comments No comments
{count} votes

Accepted answer
  1. CarlZhao-MSFT 46,376 Reputation points
    2024-07-18T07:56:57.9233333+00:00

    Hi @Karl Gardner

    The kgardner3300_gmail.com#EXT#@kgardner3300gmail.onmicrosoft.com account is actually the work identity of the ******@gmail.com account.

    When you create a tenant with your personal account "******@gmail.com", your personal account will be treated as the root account of the new tenant, and it will be automatically assigned the global administrator role and work domain, and it will be a work account at this time.

    Although both identities are different manifestations of your same account, Entra ID treats them as two different accounts and they have different access rights.

    Therefore, the photo of your account's "personal" identity will not be synchronized to its "work" identity. You need to upload a new photo for your user's work identity in Entra ID, which is why your user has two different photos.

    In summary, if you want to get the photo of your user's "personal" identity, you need to log in to the multi-tenant application using the /common endpoint. Conversely, if you want to get the photo of your user's "work" identity, you need to log in to the multi-tenant application using the /{tenant_id} endpoint.

    Hope this helps.

    If the reply is helpful, please click Accept Answer and kindly upvote it. If you have additional questions about this answer, please click Comment.

    2 people found this answer helpful.

0 additional answers

Sort by: Most helpful

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.