Disable showing Gravatar images for users outside of your enterprise.

Why This Matters

Showing Gravatar images for users outside your enterprise can expose internal user identities and email addresses to unauthorized parties. This information leakage may aid social engineering or reconnaissance attacks against your organization. Disabling this feature ensures that only authenticated and authorized user profile images are displayed within Azure DevOps.

What Aether365 Checks

Aether365 verifies that the Azure DevOps organization setting to display Gravatar images for external users is disabled. This check appears in the Aether365 dashboard under the microsoft-365 security checks category.