Managing licenses for a large number of users in Office 365 can be a daunting task. Assigning licenses individually can be time-consuming and prone to errors. But Office 365 offers a solution to this problem with group-based licensing.
Azure AD group based licensing allows you to assign licenses to a group of users instead of individually. Office 365 group-based licensing makes it easier to manage licenses for a large number of users and ensures that everyone has access to the tools they need to do their job.
In this blog post, we will discuss the steps to implement group-based licensing in Office 365. By the end of this post, you will be able to streamline your license management process and ensure that your users have access to the tools they need to be productive.
Requirements
- A Microsoft 365 tenant with Azure AD Premium P1 (or higher) license.
- Available licenses (paid, free, or trial).
Create an Azure AD Security Group
Before you assign licenses to Azure ad groups, you must create the groups first. These groups will have members to whom the licenses will be assigned.
Log in to the Microsoft Entra admin center, navigate to Groups > All groups, and click New group.
Next, configure the new group properties as follows. In this example, I’m planning a group-based licensing with a proof of concept group whose members will not have the Yammer and Booking services.
- Group type: Security
- Group name: . The group name is entirely up to you to decide. It can be based on a department, project, or license suite.
- Group description: . Provide a description of the group so that other administrators would quickly identify the group’s purpose.
- Azure AD roles can be assigned to the group: No. The group is only for assigning licenses, not roles.
- Membership type: Assigned.
After configuring the group properties, click Create.
Once created, click the new group from the list.
Add Members to the Azure AD Security Group
In this environment, three users will be the members of the group. This ensures that only these three users will be assigned the group-based license.
Using the Portal
Following these instructions, you can add users to the group using the portal.
Inside the group’s page, click Members > Add Members.
Click Add members.
In the Add members fly out, click the users to be group members and click Select.
And they are now members of the group.
Using PowerShell
If there are multiple users to add as group members, doing so in PowerShell would be more efficient than selecting members individually in the portal.
There are several PowerShell modules available that allow you to add members to groups programmatically. But the quickest one to use is the Microsoft Azure Active Directory Module for Windows PowerShell.
Make sure to install the PowerShell module first. To do so, open Windows PowerShell and run the below command.
Install-Module -Name MSOnline
Connect to Azure AD by running this command.
Connect-MsolService
Simulating a bulk group membership update, we’ll create a new text file containing the login name of the users.
Now, get the object ID of the group. Replace “POC Group 1” with your group’s name.
Get-MsolGroup -SearchString "POC Group 1"
Make sure to copy the ObjectID value.
Finally, run the below code to add the members in the members.txt file to the group. Replace the -GroupObjectId parameter value with your group’s ObjectID.
Get-Content .\members.txt | ForEach-Object {
# Get the user's ObjectID
$userId = (Get-MsolUser -UserPrincipalName $_).ObjectId.ToString()
# Add the user to the group
Add-MsolGroupMember `
-GroupObjectId 'bce9a4a3-7deb-4e5b-9da7-7b4c842f9bb9' `
-GroupMemberObjectId $userId `
-GroupMemberType User
}
No output means no errors.
Run this command to list the group members. This is to confirm the users were added as members of the group.
Get-MsolGroupMember -GroupObjectId 'bce9a4a3-7deb-4e5b-9da7-7b4c842f9bb9'
Assign Licenses to the Azure AD Security Group
Now that we’ve created the group and added the members, we’re ready to implement the Azure AD group based licensing.
Navigate to the Entra admin center to Billing > Licenses > All products.
Select the license(s) you want to assign and click Assign.
Click the Add users and groups link, select the group from the list, and click Select.
Navigate to the Assignment options tab, select (turn on or off) licenses, and click Next: Review + assign. In this example, I’m turning off Microsoft Bookings and Yammer Enterprise.
Finally, click Assign.
Open the group’s properties and click Licenses. You will see the following message if the Azure AD group-based licensing was successful.
Remove Direct Licenses
Before implementing Azure AD group-based licensing, the users have been previously assigned licenses directly. But now that they’ve been included in the group-based licensing, the direct licenses should be removed, centralizing the license management via the group.
Per User
For example, the user ****Chuckie Finster**** below shows that it has two license assignment paths: Direct and Inherited (Group Name).
Click the license from the list to show the list of services. The greyed-out toggle buttons mean they were assigned through the Azure AD group-based licensing, while the enabled ones are from the direct license assignments.
To remove the direct license, click the Remove license button and click Yes to confirm.
The Direct license is now removed.
Multiple Users
You can also remove the direct licenses from multiple users. To do so, navigate to Billing > Licenses and click the license name.
In the Licensed users list, select the users with Direct and Inherited assignment paths, and click Remove license.
Click Yes to confirm the license removal.
And you will see the following notification.
And the users now only have an inherited license assignment path, which means they now have licenses only due to the Azure AD group licensing.
Conclusion
In conclusion, implementing Azure AD group-based licensing for Office 365 can bring many benefits to an organization, including simplifying license management, reducing costs, and ensuring compliance.
Following the step-by-step guide outlined in this blog post, you can easily set up this feature and take advantage of its benefits. It is important to note that group-based licensing requires careful planning and attention to detail, especially when it comes to assigning licenses to specific groups and managing license assignments for users who belong to multiple groups.
With proper planning and execution, this feature can be a valuable addition to your organization’s Office 365 licensing strategy.
