LinkedIn Connector for Office 365 Uses Group to Control Users Allowed to Access Contacts

Connecting LinkedIn to Office 365 with Just a Bit of PowerShell

In October 2018, I wrote about the process of connecting Office 365 accounts to LinkedIn accounts so that Office 365 can fetch LinkedIn information about contacts and include it in Office 365 people cards. At that time, tenant administrators had to define a list of individual users allowed to use the LinkedIn connection in Azure Active Directory. This implementation worked, but it was clearly inefficient for larger organizations where thousands of people might want to use LinkedIn. Microsoft therefore announced on April 25 (MC178371) that access is granted to members of a specific group rather than individual users.

The change makes sense. It’s easier to update membership of a security group than inputting lists of individual users into the Azure portal, if only because you can update group membership with PowerShell.

New Security Group Required

The change means that you must create a new security group in Azure Active Directory. If preferred, you can use a distribution list or Office 365 group instead, but a security group is better because it doesn’t show up in the GAL. You can’t use a dynamic group.

Once the group is selected, you can add users who currently have access to LinkedIn today (because they were assigned individual access) to the group by fetching the membership using an Azure app. The result is a set of GUIDs for the accounts (Figure 1).

A list of GUIDs for the accounts allowed to access LinkedIn
Figure 1: A list of GUIDs for the accounts allowed to access LinkedIn

Updating Group Membership with PowerShell

Clicking the link to export the GUIDs to a CSV file creates a file called Users.CSV in the workstation’s Downloads folder. The file is supposed to contain the GUIDs but several attempts to create a populated file failed using Chrome, Edge (Chrome), and Internet Explorer. I eventually gave up and updated the membership of the security group using PowerShell.

——–                             ———–          ———–

After some quick cut and paste, all of the previous users who had access were added to the group. I verified the membership was correct with:

Updating Azure with the Security Group

With a fully populated group, I went to the Azure Active Directory portal and updated the User settings to make sure that the correct group was selected (Figure 2).

Updating Azure Active Directory with the group to control LinkedIn connections
Figure 2: Updating Azure Active Directory with the group to control LinkedIn connections

All we’ve done so far is replace the set of individual LinkedIn connection assignments with a security group whose membership controls who can access LinkedIn data from Office 365. It’s worth emphasizing that individual users must still approve their connection to LinkedIn before Office 365 can retrieve and display contact data.

Updating the Security Group to Add More People for LinkedIn Access

The important thing is that because access is now controlled by a security group, we can easily update the membership of that group to assign access to additional people. For instance, here’s how to assign access to every mailbox in a tenant.

You’ll see errors if you try to add a member that already exists in the group. A check to see if a member already exists would solve the problem, but this code is just for illustrative purposes. Clearly, it’s possible to create all sorts of filters to control who gets access if you wish.


For more information about the LinkedIn connection to Office 365, see Chapter 3 of the Office 365 for IT Pros eBook.

Advertisements

One Reply to “LinkedIn Connector for Office 365 Uses Group to Control Users Allowed to Access Contacts”

Comments are closed.