Azure Active Directory Group Licensing Assignment Now Available

Microsoft now permits Azure Active Directory licensing to be assigned based on groups within an organization.

It may seem surprising, but the ability to assign licenses to groups of users is only just now at the "general availability" stage, according to a Microsoft Friday announcement. The general availability nomenclature signifies that Microsoft deems Azure AD group licensing assignment as being ready for production use by organizations.

Group assignment is perhaps a less tedious approach for organizations with lots of Azure AD end users to manage. Previously, IT pros could only assign Azure AD licenses individually, and if they wanted to then associate those licenses with certain groups within the organization, then they'd have to use PowerShell scripts, according to Microsoft's general document on Azure AD group-based licensing.

Microsoft's group-based licensing for Azure AD automates this process without using PowerShell scripts, per the document:

Any new members who join the group are assigned the appropriate licenses. When they leave the group, those licenses are removed. This eliminates the need for automating license management via PowerShell to reflect changes in the organization and departmental structure on a per-user basis.

Microsoft's document suggested that organizations won't get double-licensed with the Azure AD group licensing approach.

"If a user is assigned same license from multiple sources, the license will be consumed only once," the document explained.

Right now, one requirement for using this feature is that the groups must be assigned using the Azure Portal. Here's how Microsoft described it:

Group-based licensing is currently available only through the Azure portal. If you primarily use other management portals for user and group management, such as the Office 365 portal, you can continue to do so. But you should use the Azure portal to manage licenses at group level.

The steps to take when using the Azure Portal to assign group licensing are described in this Microsoft document.

It's possible to disable particular services when assigning a license to a group, which might be done if an organization isn't ready to use that service. Microsoft's example is disabling Yammer. It gets done using a toggle button.

The new group licensing assignment capability is available for organizations that have a paid or trial subscription to Azure AD Basic, Office 365 Enterprise E3, Office 365 A3 or higher subscription plans, and it'll work with other Microsoft services that have "user-level licensing." It can also be used when organizations have their local Active Directory synchronized with Azure AD via Microsoft's Azure AD Connect service.

About the Author

Kurt Mackie is senior news producer for the 1105 Enterprise Computing Group.


  • Windows 10 Preview Adds Windows Subsystem for Linux 2 on ARM64 Devices

    Microsoft's latest Windows 10 preview release for testers (build 18980), announced on Wednesday, includes support for version 2 of the Windows Subsystem for Linux, plus ARM64 device support for WSL 2.

  • Microsoft Defender Advanced Threat Protection Evaluation Lab Now Available

    The Microsoft Defender Advanced Threat Protection (ATP) Evaluation Lab is now ready for use by organizations.

  • How Organizations Can Adapt to SharePoint's 'Modern' Shift

    In a September interview, SharePoint expert Asif Rehmani described how users, developers and organizations are dealing with SharePoint Online's so-called "modern" innovations.

  • Microsoft Urges LDAP Workaround Fix for Windows Systems

    Microsoft updated an August security advisory this week to urge organizations using the Lightweight Directory Access Protocol in supported Windows systems to implement some configuration changes manually.

comments powered by Disqus

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.