Image by Jon Moore on Unsplash
I’m creating a couple of solution these days which will list Office 365 Groups, both public and private, as well as Groups you don’t have access to. Much like the discover function you have in Outlook, except with added filtering on custom metadata for the groups.
Querying for Office 365 Groups using the Microsoft Graph is quite easy, but retrieving an image URL for the groups logo, is inherently hard, especially if you don’t have access to the group.
The available options as far as I have discovered are as follows:
- Retrieve the image blob from the MS Graph, and get the base64 encoded version using JavaScript. This always works, but you potentially end up with many Graph calls. If this call was not a REST call, but could be used as an image URL directly, there would be no problem at all.
https://graph.microsoft.com/v1.0/groups/<group id>/photo/$value
- If the user have an active session against Outlook Web, you can call https://outlook.office365.com/EWS/Exchange.asmx/s/GetUserPhoto?email=group@email.address
However, if the user does not have an active session, it fails.
- If the user have an active session against Planner, you can call
https://tasks.office.com/innovationnorway.onmicrosoft.com/Groups/GetGroupPhoto?groupId=<groupid>
However, if the user does not have an active session, it fails.
- Link to the Groups logo via the SharePoint site
https://tenant.sharepoint.com/teams/YourGroup/SiteAssets/__siteIcon__.jpg
As long as you have access to the site it works, if not, well, the image won’t load
A forth option is also possible, but you need to consider if this will potentially be a security issue for you.
Enter SharePoint Online CDN
Office 365 comes with a handy CDN capability for SharePoint, and the idea is to expose the SiteAssets library of the sites via the public CDN endpoint. This means that any user can access the site logo via SharePoint without having explicit rights to the site.
And this is where there could be security concern. If a user knows the name of an image in SiteAssets of a site he/she does not have access to, the file can be accessed via the CDN URL. The following file types are by default exposed via the public CDN: CSS,EOT,GIF,ICO,JPEG,JPG,JS,MAP,PNG,SVG,TTF,WOFF. I’m no security expert, but I would say the security risk is low.
Once the public CDN is set up correctly using the steps below, you will be able to access a groups logo via the URL: https://publiccdn.sharepointonline.com/tenant.sharepoint.com/teams/mygroupsite/siteassets/__siteicon__.jpg
# SPO management commandlets - https://www.microsoft.com/en-us/download/details.aspx?id=35588 # Connect to your tenant Connect-SPOService https://contoso-admin.sharepoint.com # Enable public CDN on the tenant Set-SPOTenantCdnEnabled -CdnType Public -Enable $true # Add SiteAssets libraries to the CDN Add-SPOTenantCdnOrigin -OriginUrl */SITEASSETS -CdnType Public
It takes a little while before the CDN is working, so be patient. You can call Get-SPOTenantCdnOrigins -CdnType Public, and check the status.
You can also enable CDN using the Office 365 CLI, a cross platform interface for managing different aspects of Office 365.