Manage Office 365 Licenses AD Group
Hello,
Since a few days, Microsoft finally allow us to manage the Office 365 licenses affectation with AD group. There are some prerequisites, but none of them are show stopper.
- Use a group in Azure AD (can be synced from AD)
- Azure AD Basic or above required for setup (during preview only)
- Nested groups won’t work (for now)
- Can’t be configured from PowerShell (for now)
- Only available from Azure portal (Not Office 365)
Manage Office 365 Licenses AD Group
First, you need to connect to the Azure portal with your Office 365 admin account, or you can connect to Office 365 admin page, and then open the Azure AD admin page:
Manage Office 365 Licenses AD Group – Azure AD Admin
Then, you need to use the new portal:
Manage Office 365 Licenses AD Group – Azure AD Admin New Portal
Next, go on the Azure AD blade:
Manage Office 365 Licenses AD Group – Azure AD
Next, Licenses:
Manage Office 365 Licenses AD Group – Azure AD Licenses
You need to choose which SKU you will manage by the Azure AD group. You can assign multiple groups for multiples SKU, you just need to repeat the operation for each group.
Manage Office 365 Licenses AD Group – Assign Licenses
Now, you can choose which Azure AD group (synced from AD or not) you want to use to auto affect Office 365 licenses:
Manage Office 365 Licenses AD Group – Assign Group
The last step is to choose your licenses template, indeed, you can only affect a subset of service plan if you want to:
Manage Office 365 Licenses AD Group – Licenses Options
And now you’re done:
Manage Office 365 Licenses AD Group – Licenses Assigned
Now, each time you put a user inside the group, it will have a Office 365 E3 license in matters of minutes after the Active Directory sync. If you make a combo AADConnect and this feature, you can assign licenses at light speed ! 30 minutes max between sync, then a few minutes for Azure AD to assign the license. You can now retire your old PowerShell script for managing licenses.
Verify Which Groups Assign Licenses
If you’ve configured this some time ago, and want to see which groups assigns licenses dynamically, you need to go on the portal, just like before, on then, click on the product name:
Manage Office 365 Licenses AD Group – Verify Licenses Groups
Then, you’ll see all the licensed users, but, you can also see the groups:
Manage Office 365 Licenses AD Group – Verify Licenses Groups by Product
If you click on the group, you’ll be able to modify some properties, and you’ll also be able to modify licenses options if you changed your mind:
Manage Office 365 Licenses AD Group – Group Properties
Keep Track about Licenses Activation Method
Now that you setup this new feature, you can start “migrating” the licenses affectation method from the “Direct” or “Inherited”. You can keep track of which one is used on a per user basis with the blade of the license and the “Licensed Users” view:
Manage Office 365 Licenses AD Group – Assignment Paths
Note: All of those users came from an old blog post.
Conclusion
This feature is very welcome, it simplify the licenses affectation process for Office 365 that was kind of painful previously. There was a lot of public PowerShell script to help us, but they all required some form of credentials on disk to be able to run on a schedule, and the schedule wasn’t great in much cases.
This feature enable or disable based on AD group membership within minutes after the group membership changed.