In many projects where I am involved, group-based license management involves a basic part.
Setting up the pilot users, the production groups of users and of course, defining the license assignment that should be applied to each group.
For smaller tenants with simple requirements license management is not a big deal, but as you can imagine for larger tenants, automation is essential, and scripting could be a good approach, but sometimes could be challenging when complex licensing scenarios appears.
So what we can do in those cases? Use Azure AD Goup license Management! It’s a great solution included in our subscriptions and the only requirement that we have is to have Azure AD Basic, which always it is included
Ok, sounds great but what about limitations?
- Nested Groups: are not supported. If you try to apply a license to a nested group, only the first-level user members of the group will have the licenses applied.
- Security Groups: You can ONLY assign license to security groups. Security groups can be synced from on-premises or you can create security groups directly in Azure AD. Also you can go ahead with O365 groups, is it a supported scenario
- Inheritance: Inherited group licenses cannot be modified directly on a user. Not supported… if you need to change a license from a user, you will need to delete this user from the group
- Office 365 Admin Portal: no support for group-based licensing. You will have to administer it through Azure Portal. Remember, AAD are shared between O365 and Azure
- Conflicting service plans: Some service plans are configured in a way that they can’t be assigned to the same user as another, related service plan. For example: The E3 product contains service plans that can’t overlap with the plans that are included in E1, so the group license assignment will fail. To resolve this issue, you need to disable conflicting features.
- Dependencies: for example, licencing group could have a feature enabled that was dependent on another that wasn’t enabled.
That’s all for now!