When it comes to license assignments for Microsoft’s collaboration platform, there’s a better automation method than PowerShell.
PowerShell can help with certain jobs, but the license assignment process for Microsoft 365 and Office 365 users can be convoluted and confusing. Different PowerShell modules manage licenses for different services. This does not scale for enterprises with hundreds — or thousands — of users. Group-based licensing is the key to streamlining provisioning because it automates the process in Azure Active Directory rather than resorting to manual administration of individual users.
Some companies juggle a lot of Microsoft subscriptions outside of the Office 365 plans, such as Dynamics 365, different security products, Microsoft Purview Information Protection, Power Platform and other SKUs. Managing those license assignments is a challenge for IT departments.
The traditional approach has been to assign the licenses in the admin portal. But that’s not efficient for enterprises that work with a larger user base. To address this challenge, Azure AD lets admins do this work with a group-based licensing feature. With this method, administrators onboard users by assigning them to the right group based on their role and needs, which then routes the proper license to that user automatically.
This group-based licensing feature is only available to companies with users subscribed to a paid plan for Azure AD Premium P1 or above. It is also available to users assigned to one of the following plans:
There are a few features that come with the group-based licensing functionality that streamline the method to deploy and assign licenses to users.
Licenses purchased through the portal or a cloud solution provider (CSP) can be assigned to any security group in Azure AD. These groups can originate from an on-premises Active Directory, a cloud-based Active Directory that syncs through Azure AD Connect or from a group created in Azure AD.
With Azure AD-group based licensing, the administrators get more control over what functionality or service plan is available in several ways:
To start with the group-based licensing, the administrator creates a group or uses an existing group from their on-premises Active Directory or a security group in Azure. With groups in Azure AD, an administrator can choose either create a dynamic group or a static group.
In a static group, the administrators must maintain the members through manual assignment of users, which can be done through Active Directory or PowerShell.
In a dynamic group, users can be automatically assigned membership based on specific rules that IT makes with the rule builder in the Azure portal. The tool makes it easy to form rules with expressions. The following are examples of expressions used to build dynamic groups.
A group membership based on department number information included in the user properties would look like this:
A group membership based on the display name that matches an expression would look like this:
A group membership for all users within the organization would look like this:
After selecting the group, the administrator can assign available licenses. After selecting a license, the administrator can make additional modifications to add or remove features or remove some of the services.
Administrators can also use the Microsoft Graph API and PowerShell to assign users to groups that get a specific set of licenses. The Graph Explorer is available to test the commands.
To assign a set of licenses to a security group, the following post-based command can be sent via Microsoft Graph API. The command requires the group unique identifier and the SKU IDs from Microsoft:
To display the list of groups available for licensing, run the following PowerShell command:
When verifying user license assignment from the Office 365 admin portal, administrators will see the two types of licenses that can be assigned to their users: a direct license given from the admin portal and inherited ones that come from the Azure AD group-based license.
Direct licenses are more flexible. The administrator can add or remove these licenses per user. Adjusting assignments from a group license requires creating a new group that has the added or removed features.
Using dynamic and static groups to assign licenses to a set of users streamlines license management for IT. This functionality is one way to efficiently upgrade a large group of users from one set of licenses into an another, which can be helpful for enterprises with a substantial user base.
From resource tagging to serverless deployments, there are several ways cloud admins can optimize Azure spending to stay within …
With alerts, cost analysis dashboards and other features, Azure cost management tools can help admins more clearly see their …
Discover the differences between Azure Data Factory and SSIS, two ETL tools. These contrasts include key data management features…
Windows 11 desktops can run into problems that don’t have a clear cause. Safe Mode runs a pared-down version of the OS, making it…
Microsoft’s Windows 11 2022 Update includes features for protecting sensitive corporate data and helping remote workers avoid …
When a Windows 11 desktop keeps restarting, there are a few factors that may be behind the issue. IT administrators should …
VMware has improved Horizon Cloud and added features to Workspace One UEM. It also plans to launch a managed virtual desktop …
Without a solid connection, remote desktops simply cannot function. When there are remote desktop connection issues, IT …
Citrix performance issues can be difficult to deal with. Fortunately, there are ways to prevent and troubleshoot them using …
All Rights Reserved, Copyright 2000 – 2022, TechTarget
Consider Azure AD group-based licensing for Office 365 users – TechTargetConsider Azure AD group-based licensing for Office 365 users – TechTarget https://eliteenterprisesoftware.com/wp-content/uploads/2022/09/wp-header-logo-933.png 0 0 Alan Dickson https://secure.gravatar.com/avatar/6162a8bbc0c962bebd372efbc1908402?s=96&d=mm&r=g