Before the people directory can read pictures from the Azure AD, you need to give permissions to do so.
Here is how to do that:
- Go to portal.azure.com and log in with administrative rights
- Click on the Active Directory
- On the left panel, select App Registrations
- Under All Applications category, find the app named “SharePoint Online Client Extensibility Web Application Principal” as shown below.
- Click on the app link
- From the left panel, select the API Permission
- Add new Delegated permission " User.ReadBasic.All" as shown below
The result will show up in the list of permissions like this:
Finally, you will need to grant admin consent so that users are not prompted each time they load a People Directory. To grant admin consent:
- Click the [Grant admin consent … ] link as shown below
- Click Yes and confirm that permission has been granted:
Give it a few minutes for this change to propagate in your tenant for the Staff Directory to resume work.