Azure AD Group-Based License Management For Office 365

It’s finally here! At least in public preview…

The ability to allocate Office 365 licenses via groups is now available for everyone to use. This has been a long-awaited feature, up until now licenses have either been applied manually via the portal, or via scripts/3rd party software with logic applied for automation.

Now, you can automatically apply and manage license allocation using whatever logic you like. You can create on-premise AD groups, apply a license set to the groups, and members will be allocated the relevant licensing. If that doesn’t work for you, there’s also cloud based Dynamic Groups which let you use whatever logic you can come up with to add members to the group. You could do it on something like a department name, or use an extension attribute and populate that based on what license you want to allocate.

The above link covers a lot of information about how to deploy this. At the time of writing, I couldn’t get to the Azure Licensing page by searching for the word ‘Licensing’, and instead had to use a direct link: https://portal.azure.com/#blade/Microsoft_AAD_IAM/LicensesMenuBlade/Products

I’ve already deployed it, it seems to work quickly and without issue.

 

Once you’re done, you’ll need to remove the Office 365 licenses applied manually. This TechNet article shows the commands to use for removal. I used this:

$Users = Get-MsolUser -All | where {$_.isLicensed -eq $true}; $Users | foreach {Set-MsolUserLicense -UserPrincipalName $_.UserPrincipalName -RemoveLicenses "litwareinc:ENTERPRISEPACK"}

This removes licenses from all your users, to be more specific add extra criteria to the first ‘Get-MsolUser’ command. Also note you need to swap ‘litwareinc’ with your tenant ID, and ENTERPRISEPACK with whichever license you’re removing. I’d recommend testing on one account first!

To see what your tenant’s license options are just use:

Get-MsolAccountSku

And you’ll see a list of the license options along with existing allocations.

If you have any questions please comment below.

5 thoughts on “Azure AD Group-Based License Management For Office 365

  1. When removing the manually applied license, will it still remove the mailbox? If so, I assume there will be loss of data?

    1. You can have a double up of licenses, so apply the group License then remove the individual. The Azure interface will clearly show the source(s) of the licenses, if they’re direct or inherited from a group.

  2. Late comment but interesting thing. We’re trying to find a way to assign the “audio conference” license but it won’t do it unless the user gets a S4B Plan 2 at the same time. We have an upstream process where a user cannot request the audio conference license unless he has an E3 so we hoped that would cover it but it seems not.
    Is there a way around it?

    1. I don’t have voice in the Office 365 instances I have access to sorry – it is in preview I believe so could be a bug. Check out uservoice https://feedback.azure.com/forums/169401-azure-active-directory in case it’s a feature request, or use the feedback option on the doco page https://docs.microsoft.com/en-us/azure/active-directory/active-directory-licensing-whatis-azure-portal it’s log a call – if you’re on twitter tweet out a link and let me know, happy to RT and draw attention to it!

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.