Microsoft Previews License Management via Azure Active Directory and Rolls Out Slack Integration
Microsoft this week announced a new Azure Active Directory group-based license management scheme that's at the preview stage, plus Azure AD integration with Slack.
Slack is a maker of collaboration software that competes with Microsoft's new Teams service. Microsoft has announced that its Teams collaboration service, currently at the beta stage, is expected to get commercially released sometime this quarter. Despite those implicit competitive tensions between the two companies, the Slack and Microsoft Azure AD teams found time to collaborate on enabling "federated single sign-on" access for Slack users, as well as Azure AD automated provisioning.
The federated single sign-on access aspect didn't get much of a description in Microsoft's announcement. Presumably it means that Slack users can have their local credentials tied to Azure AD, via a federation server, so that they don't have enter a password twice to access services.
The Azure AD automated provisioning capability for Slack will enable the following capabilities, according to Microsoft's announcement:
- Enable the provisioning of Slack users based on their Azure AD "group membership or account status," and
- Permit the creation and management of groups in Slack "based on groups in Azure AD and Active Directory."
The automated provisioning capability enabled via Azure AD will require that organizations have Slack Plus, or better, licensing in place, or they'll need to be licensed to use Slack's new Enterprise Grid management product. The Azure AD automated provisioning capability is enabled via Slack's SCIM API, which is designed for use by Slack's single sign-on partners. However, the use of this API requires having a Slack Plus plan in place or better, Microsoft's tutorial document on the topic clarified.
Group-Based Licensing Management Preview
Microsoft also issued a preview this week of a new way to automatically assign and remove software licenses for end users using Azure AD. This "Azure AD group-based license management" scheme is based on the use of a "license template," which gets assigned to an Azure AD security group. Once that's set up, "Azure AD will automatically assign and remove licenses as users join and leave the group," Microsoft's announcement explained. The feature avoids having to use PowerShell to automate this capability.
"This [group-based licensing] eliminates the need for automating license management via PowerShell to reflect changes in the organization and departmental structure on a per-user basis," Microsoft explained, in its documentation.
Moreover, Microsoft added the capability with this software license management scheme to "selectively disable service components in product licenses." For instance, educational institutions might use this capability to remove Yammer licensing, which comes with some Office 365 subscriptions, Microsoft explained in a blog post. The ability to remove software licensing components applies to "all Microsoft Online Services that require user-level licensing," Microsoft's announcement clarified.
The automatic license modifications using this feature will happen "within minutes of the membership change," Microsoft's documentation explained. If a license assignment fails, administrators will have access to that information, Microsoft promised.
The Azure AD group-based management feature requires the use of the Azure management portal. It'll also be tied to using the Office 365 Enterprise E3 licensing or greater when it reaches "general availability" commercial status, according to Microsoft's announcement.
To use the preview, organizations will need an Azure AD Basic or greater subscription for their tenant. However, license inheritance from groups will only work for organizations that have paid Azure AD subscriptions, Microsoft's documentation indicated.
Kurt Mackie is senior news producer for the 1105 Enterprise Computing Group.