A long awaited feature became this week available in the new Azure portal: Azure AD Group Based licensing. With this we have an one-stop-shop to assign licenses on a per user- or group based.
Azure AD Group Based licensing was already available in the classic Azure portal, however it was limited to Azure AD Premium, Azure Rights Management, Microsoft Intune and Enterprise Mobility + Security licenses. For other licenses like Office 365 we were designated to the Office 365 Admin portal or custom (automated) solutions such as PowerShell or Graph API.
With the introduction of Azure AD Group Based Licensing this became history. The new licensing node provides you a clear overview about your license household of your organization. This is your start point to add or assign licenses to users and groups.
Once selected an Azure AD Security group you’ve the option to assign the default licenses or differentiate based on your needs. Per license SKU you’re able to disable sub-licenses when desired
Licenses information can be retrieved from both user or group perspective. Within a single overview you’re able to determine which licenses has been assigned and which services has been enabled.
Further you’ve a clear overview how licenses are assignment (directly or inherited (based on group membership(s) as well as the state (active, disable).
Now the most excited part of this cool feature is group based license assignment especially the Office 365 part! I love this unified and consistent look and feel which ease license administration.
The default audit log functionality allows us to keep track of license assignment activities whether it’s intently or not.
Here are the main features of Azure AD Group Based licensing capability:
- Licenses can be assigned to any security group in Azure AD. Security groups can be synced from on-premises using Azure AD Connect, created directly in Azure AD (also called cloud-only groups), or created automatically via the Azure AD Dynamic Group feature.
- When a product license is assigned to a group, the administrator may disable one or more service plans in the product. Typically, this is done when the organization is not yet ready to start using a service included in a product, for example the administrator wants to assign Office 365 E3 product to a department but temporarily disable the Yammer Enterprise service.
- All Microsoft cloud services that require user-level licensing are supported. This includes all Office 365 products, Enterprise Mobility + Security, Dynamics CRM, etc.
- Group-based licensing is currently available only through the Azure portal. Customers who primarily use other management portals for user and group management, such as the Office 365 portal, can continue to do so, but will need to use the Azure portal to manage licenses at group level.
- Azure AD automatically manages license modifications resulting from group membership changes. Typically, a user joining or leaving a group will have their licenses modified within minutes of the membership change.
- A user may be a member of multiple groups with license policies specified; they may also have some licenses that were directly assigned to the user outside of any groups. The resulting user state is a combination of all assigned product and service licenses.
- In some cases, licenses cannot be assigned to a user; for example, because there are not enough available licenses in the tenant or conflicting services have been assigned at the same time. Administrators have access to information about users for whom Azure AD could not fully process group licenses; they can then take corrective action based on that information.
- During public preview, a paid or trial subscription for Azure AD Basic or higher is required in the tenant to use group-based license management. Also, every user inheriting any licenses from groups must have the paid Azure AD edition license assigned to them.
With Azure AD Group Based Licensing, licensing became cool as never before! :-)
- What is group-based licensing in Azure Active Directory?
- Azure Active Directory group-based licensing additional scenarios
- How to migrate individual licensed users to group-based licensing in Azure Active Directory