Assign licenses to a group instead of user in Office 365/Azure

Ah, the joys of licensing in Office 365. Without a license, there is no just no fun in Office 365, you have no services available and without a service no option to be productive. There is a lot to be said about licensing in Office 365. You have license bundles like E3, E5, Microsoft 365 etc. that contain a bunch of services. You need to make sure you give people the right services they actually need to do their job. There are a lot of debates about whether you want to open all the services for all the users or not. Just based on these statements you can tell that assigning the right license is a very important task. To make this task a little more complex there wasn’t really a way to automate managing licenses to users except for PowerShell. Think about it, AAD Connect synchronizes your users, contacts, and groups with all their attributes from your on-premises but there was no option to manage the license assignment.

Until now.

Azure Active Directory, one of the most overlooked and underestimated services attached to Office 365, has the possibility to assign licenses to a group. Since the documentation is excellent, thank you Microsoft, I don’t think it makes sense for me to go into detail in the how.¬†https://docs.microsoft.com/en-us/azure/active-directory/users-groups-roles/licensing-groups-assign

Side Note: this functionality is only available (for now) is the Azure Portal, not in the Office 365 Portal

AutoUpdate based on membership

What is very interesting is that licenses are kept up to date when user memberships change for the group, the licenses for those users are updates as well. This methodology allows you to manage your licenses (and therefore your active services) by adding and removing users to and from groups.

Migration from direct to inherited through groups 

How do you convert from direct to group based? There are like always multiple methods but something that I like to use is this structure.

  1. Create your groups and make them available in your Azure Portal (e.g. with AADConnect when sync is needed)
  2. Setup your license assignment per group
  3. Add your users to the groups and sync if needed
  4. Check for conflicting licenses (see next paragraph) and solve them
  5. Remove the direct licensing

Conflicting licenses

Unfortunately, there are licenses that don’t like being together, these will cause licensing conflicts. Luckily when there is a licensing conflict the original license will stay in place and you have time to fix it. An overview of the license SKUs and which one will cause conflicts can be found here: https://docs.microsoft.com/en-us/azure/active-directory/users-groups-roles/licensing-service-plan-reference

PowerShell for Group Licensing

https://docs.microsoft.com/en-us/azure/active-directory/users-groups-roles/licensing-ps-examples

Advertisements