Enabling People Directory to read pictures from Azure AD

Before the people directory can read pictures from the Azure AD, you need to give permissions to do so.
Here is how to do that:

  1. Go to portal.azure.com and log in with administrative rights
  2. Click on the Active Directory
  3. On the left panel, select App Registrations
  4. Under All Applications category, find the app named “SharePoint Online Client Extensibility Web Application Principal” as shown below.


  1. Click on the app link
  2. From the left panel, select the API Permission
  3. Add new Delegated permission " User.ReadBasic.All" as shown below

The result will show up in the list of permissions like this:

Finally, you will need to grant admin consent so that users are not prompted each time they load a People Directory. To grant admin consent:

  1. Click the [Grant admin consent … ] link as shown below


  1. Click Yes and confirm that permission has been granted:

Give it a few minutes for this change to propagate in your tenant for the Staff Directory to resume work.