Assign M365 licenses with Azure group-based licensing

Assign M365 licenses with Azure group-based licensing

What is an excellent way to manage and assign M365 licenses? If you have a small organization with a couple of users, you can assign the M365 licenses directly to the user. If you manage a large environment and want to have a structure, your best way is to assign any type of M365 licenses with Azure group-based licensing. In this article, you will learn how to assign M365 license with groups.


Add M365 license directly to user

If you don’t have many users in the organization, you can enable the licenses and apps to the user directly.

Sign in to Microsoft 365 admin center. Navigate to Active users and select the user. Click on Licenses and apps and any license (Microsoft Team Exploratory).

A better situation is to create groups and manage the M365 licenses from there. How will that work? Let’s see in the next step.

Azure group-based licensing

You can assign one or more product licenses to a group. Azure AD ensures that the licenses are assigned to all members of the group. Any new members who join the group are assigned the appropriate licenses. When they leave the group, those licenses are removed. This licensing management eliminates the need for automating license management via PowerShell to reflect changes in the organization and departmental structure on a per-user basis.

Azure group-based licensing requirements

Create M365 security groups on-premises

We recommend you create a base group, which you will assign the must-have M365 products. Create other groups for products that not everyone needs to use.

In this example, we will create two groups in Active Directory Users and Computers:

·         O365_Licenses_Microsoft_Team_Exploratory

·         O365_Licenses_Exchange

The security groups will look as below.

Verify security groups in Azure AD

Go to Microsoft Azure and sign in with your admin credentials.

If you search for the group, the chance is big that you will not see them.

It’s because Azure AD Connect needs to sync the on-premises objects to Azure AD.

Note: Verify in Azure AD Connect that the OU where you placed the security groups is enabled for syncing.

You can wait a maximum of 30 minutes, and it will synchronize the objects. Another option to speed it up is to force sync Azure AD Connect.

Sign in on the Azure AD connect server or make a remote session with PowerShell.

PS C:\> Start-ADSyncSyncCycle -PolicyType Delta

Share :

Add New Comment

 Your Comment has been sent successfully. Thank you!   Refresh
Error: Please try again