User Profiles are an increasingly important part of a modern organisation.
While they have always been important as a (often underused) tool for finding staff and searching for people with certain skills, the changes in work practice wrought by the COVID-19 pandemic now mean that staff spend less time together physically, so have less opportunity to know their colleagues and create the social and personal links that team-building and socialisation rely on. The need to understand, use and maintain useful staff profiles has never been greater.
Since profiles are complex, and the spread of technologies in Microsoft 365 are wide and constantly evolving, there is inevitable complexity. Knowing what profile elements exist where and how both staff and admin should access them is important.
This blog runs through the profile scatter at a high level, so that we at least know where we should look.
Azure
Azure provides the core user identity and essential profile service for Microsoft 365 and beyond, via AAD (Azure Active Directory).
When creating a new user in AAD, you must add their Name and User Name (email address) as well as any Groups or Roles they should be in.
AAD also allows other ‘organisational information’ about the user to be added, specifically:
- Profile Picture
- First Name, Last Name, Maiden name
- Job Title, Department, Manager, Employee ID, Company Name
- Contact information (address, phone numbers)
- Minors and Consents
This is all useful stuff, but user profiles can, and should, go a lot further than the basics that AAD provides.
See: Manage user profiles in the SharePoint admin center – SharePoint in Microsoft 365 | Microsoft Docs
Access AAD profiles: https://aad.portal.azure.com/#blade/Microsoft_AAD_IAM/UsersManagementMenuBlade/MsGraphUsers
Microsoft 365
Microsoft 365 provides an extend set of profile attributes, with the focus being on staff being able to add and extend their own information.
Update personal profile
Staff can update many of their own personal information (but not most of the things controlled in AAD) in the profile using the Delve profile page and selecting Me and Update profile. The pencil edit icon appears next to anything they are allowed to change in the main profile, generally contact information and broader profile information such as About me (personal biography), Projects, Skills and expertise, Schools and education, Interests and hobbies.
There is also a deeper level (also based on the pre-Modern UI) which you can get to from this URL: https://emicoltd-my.sharepoint.com//_layouts/15/editprofile.aspx?UserSettingsProvider. Custom Properties, if any, can be edited from the ellipsis (Custom Properties)
They can also set who can see the information via a small Globe icon.
There are multiple ‘ports of entry’ to the profile update page:
- Delve Me page (https://<tenantName>-my.sharepoint.com/person.aspx)
- Your account menu in Microsoft 365 (click your profile picture or initials)
- Any Microsoft 365 People card
Admin management of profiles
Microsoft 365 admins can manage core profile attributes from the Users | Active Users page in the Microsoft 365 admin center; specifically:
- User Name, email address
- Profile picture
- Display name (from Manage contact information, though normally this is locked and managed via Azure Active Directory).
SharePoint Online
SharePoint Server has its own user profile service, there are a few traces of that still to be found in SharePoint Online.
SharePoint User Profile Service
The SharePoint User Profile Service stores information about SharePoint users in a central location in SharePoint Server. It enables My Sites, social computing features such as social tagging and newsfeeds, and creating and distributing profiles across multiple sites and farms in on-premises and hybrid scenarios. It is largely deprecated in SharePoint Online, with Azure and the Microsoft 365 profile service (exposed via Delve and Profile Cards in SharePoint) taking on most of the functions it provided and exposing them to the Microsoft 365 Graph (‘The Graph’). Legacy support still exist and it can be used for things like custom profile properties.
Add and edit user profile properties in SharePoint
If your organization uses the cloud Identity approach then your user accounts are stored in Azure AD and admins manage user profile info in the Microsoft 365 admin center. You can also manage user profiles (including adding user pictures and defining user managers) in the Azure AD admin center.
See Add or change profile information for a user in Azure Active Directory.
Adding custom profile attributes
If you need to create custom user profile properties, such as languages spoken, emergency contact info, or sales account, you can use User Properties in SharePoint.
Use the More features page of the new SharePoint admin center, which uses the pre-modern SharePoint UI and profile service:
- Under User profiles, select Open.
- Under People, select Manage User Properties.
- Select New Property.
- In the Name box, enter a unique name for the property.
- In the Display Name box, enter the profile property name that will be displayed to all users. (This name doesn’t have to be unique.)
- In the Type list, select the data type for the property.
Note
If you select string (Multi Value), the property will be permanently set as a multi-valued property. You cannot change this setting after you select OK. You can only delete the property and add it again as a new single-value property. - If you selected binary, HTML, or string, use the Length box to enter the maximum number of characters allowed for property values.
- If you selected string and want to associate the profile property with a managed metadata term set, select Configure a Term Set to be used for this property. Then select a term set from the list.
- Make sure Default User Profile Subtype is selected so the default user profile subtype is associated with this user profile property.
- In the Description box, enter the instructions or information that is displayed to users about this profile property.
- In the Policy Settings section, select the policy setting and default privacy setting that you want for this property. Select the User can override box to enable users to override these settings.
- If you want users to be able to change this profile information for themselves, select Allow users to edit values for this property.
- In the Display Settings section, specify whether and how the property will be viewed by users.
- In the Search Settings section, select Alias if the property is the equivalent of a user’s name. For example, you might do this if you create a property for a “Stage name” and want searches for all documents by John Kane to return the same results as searches for the user’s real name. Select the Indexed if you want searches to return all the user profiles matching that property. For example, if you have a property for “University,” a search for that value would return all alumni from that university.
Note
The Alias check box is available only if you set the Default Privacy Setting > Everyone. - Select OK.
Note: Custom properties from Active Directory or Azure AD are not synchronized with SharePoint.
See https://docs.microsoft.com/en-us/sharepoint/add-and-edit-user-profile-properties
Bulk updates profiles and custom attributes
Many enterprises need to replicate custom attributes to the SharePoint user profile service, or do bulk set up for multiple members of staff. Microsoft provide a user profile bulk API, the UserProfile.BatchUpdate.API. PowerShell is the usual way of driving this, with a JSON import file holding the attributes to be set.
See: Bulk update custom user profile properties for SharePoint Online
See: Call the import API from PowerShell.
User Profile Sync
Microsoft SharePoint uses the Active Directory synchronization job to import user and group attribute information into the User Profile Application (UPA). When a new user is added to Azure Active Directory (Azure AD), the user account information is sent to the SharePoint directory store and the UPA sync process creates a profile in the User Profile Application based on a predetermined set of attributes. Once the profile has been created, any modifications to these attributes will be synced as part of regularly scheduled sync process.
From <https://docs.microsoft.com/en-us/sharepoint/user-profile-sync>
Properties that are synced into SharePoint user profiles
The following Azure AD user attributes are synced to the UPA.
Azure AD attribute | User profile property display names | Notes | Sync to sites |
UserPrincipalName | Account Name User Name User Principal Name | Example: i:0#.f <|> membership <|> gherrera@contoso.com gherrera@contoso.com | Yes |
DisplayName | Name | Yes | |
GivenName | FirstName | Yes | |
sn | LastName | Yes | |
telephoneNumber | Work phone | Example: (123) 456-7890 | Yes |
proxyAddresses | Work Email SIP Address | Work Email is set to the value prefixed with SMTP. (SMTP:gherrera@contoso.com) Example: gherrera@contoso.com | Yes |
PhysicalDeliveryOfficeName | Office | Yes | |
Title | Title Job Title | Job Title contains the same value as Title and is connected to a term set. | Yes |
Department | Department | Department is connected to a term set. | Yes |
WWWHomePage | Public site redirect | No | |
PreferredLanguage | Language Preferences | Used by SharePoint to determine language for the user when the multilingual user interface (MUI) feature is enabled. | Yes |
msExchHideFromAddressList | SPS-HideFromAddressLists | No | |
Manager | Manager | User Manager for organization hierarchy | Yes |
Note
UPA synchronization is limited to a preconfigured set of properties to guarantee consistent performance across the service.
See: About user profile synchronization – SharePoint in Microsoft 365 | Microsoft Docs
Viva
Microsoft is rapidly developing its Employee Experience platform, Microsoft Viva.
Topics will, almost certainly, be added to personal profiles, to better link people with content and colleagues and aid findability of skills by topic, while Viva Insights provides analytics on individual and team activity and productivity. It seems reasonable that profile information may be incorporated into the UI of Viva and that the Delve experience will be deprecated.
See: Employee Experience & Engagement | Microsoft Viva
Other Applications
Much of the Microsoft 365 user profile information is exposed through the Graph API and the Office 365 Users Connection provider. These let you get the current users profile or another user’s profile as well as related users (notably their manager and reports). There is good support for this in Power Automate, Power Apps, Logic Apps.
Then there is LinkedIn, which is being gradually embedded into the M365 stack and adds yet another profile source.
Final word – Profile Pictures
Profile pictures are really important – they not only help reinforce that you are working with a real person and let you recognise someone if you actually meet them in an office (remember those days), but having a picture of the person you are talking to actually improves engagement and empathy. Sadly, maintaining profile pictures is a bit more complex than you might expect. Different products (Experiences as Microsoft would have you call them) source the image from different places; the last time I checked it was:
Updating a profile in one place will, usually, update it everywhere, but it can take up to 72 hours.
I strongly recommend that everyone is encouraged to do this though.
See: Information about profile picture synchronization in Microsoft 365
Posted at https://sl.advdat.com/39KSuTR