Group-Based Azure AD Licensing Now Generally Available
Microsoft this month enabled organizations to assign Azure Active Directory licenses according to group.
Group assignment is perhaps a less tedious approach for organizations with lots of Azure AD end users to manage. Previously, IT pros could only assign Azure AD licenses individually, and if they wanted to then associate those licenses with certain groups within the organization, then they'd have to use PowerShell scripts, according to Microsoft's general document on Azure AD group-based licensing.
Microsoft's group-based licensing for Azure AD automates this process without using PowerShell scripts, per the document:
Any new members who join the group are assigned the appropriate licenses. When they leave the group, those licenses are removed. This eliminates the need for automating license management via PowerShell to reflect changes in the organization and departmental structure on a per-user basis.
Microsoft's document suggested that organizations won't get double-licensed with the Azure AD group licensing approach.
"If a user is assigned same license from multiple sources, the license will be consumed only once," the document explained.
Right now, one requirement for using this feature is that the groups must be assigned using the Azure Portal. Here's how Microsoft described it:
Group-based licensing is currently available only through the Azure portal. If you primarily use other management portals for user and group management, such as the Office 365 portal, you can continue to do so. But you should use the Azure portal to manage licenses at group level.
The steps to take when using the Azure Portal to assign group licensing are described in this Microsoft document.
It's possible to disable particular services when assigning a license to a group, which might be done if an organization isn't ready to use that service. Microsoft's example is disabling Yammer. It gets done using a toggle button.
The new group licensing assignment capability is available for organizations that have a paid or trial subscription to Azure AD Basic, Office 365 Enterprise E3, Office 365 A3 or higher subscription plans, and it'll work with other Microsoft services that have "user-level licensing." It can also be used when organizations have their local Active Directory synchronized with Azure AD via Microsoft's Azure AD Connect service.
Kurt Mackie is senior news producer for the 1105 Enterprise Computing Group.