Azure AD Enterprise connection profile picture

Hi @Curiious !
I did a quick search over Azure AD’s documentation and things seem to be in the same state as when I wrote the article 5 years ago: Azure AD doesn’t provide the standard picture claim with a URL in the ID Token (or even in the profile endpoint), as other identity providers do, so Auth0 falls back to the Gravatar picture.
You guess correctly that the MS Identity Platform v2 implementation for Azure AD connections does not store the AAD access token for you to use. So if you really need the picture, the only option is to go back to the “Azure Active Directory (v1)” strategy and fetch the picture in a rule, as I described in the linked article.

3 Likes