Forum Discussion

Ron_Acker's avatar
Ron_Acker
Copper Contributor
Aug 27, 2019

Clarification of number licenses required.

Need help understanding the snippet below from the "What is group-based licensing in Azure Active Directory?" Microsoft page (https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/active-directory-licensing-whatis-azure-portal).  Are the licenses referred to in the second paragraph, the licenses you are assigning or the licenses of AADP1 or O365 E3 you need to be able to use group-based licensing?  I assume it is the former but is it not clear since they are using the term license in two ways.

Licensing requirements

You must have one of the following licenses to use group-based licensing:

  • Paid or trial subscription for Azure AD Premium P1 and above

  • Paid or trial edition of Office 365 Enterprise E3 or Office 365 A3 or Office 365 GCC G3 and above

Required number of licenses

For any groups assigned a license, you must also have a license for each unique member. While you don't have to assign each member of the group a license, you must have at least enough licenses to include all of the members. For example, if you have 1,000 unique members who are part of licensed groups in your tenant, you must have at least 1,000 licenses to meet the licensing agreement.

  • Wes Miller's avatar
    Wes Miller
    Brass Contributor

    Ron_Acker I think part of the complexity comes in because the answer to your question is the ever-vague "yes" reply that can often be used with licensing questions.

     

    Group-based licensing is problematic from a license compliance perspective because it's really licensed one of two ways:

    1. Through Office 365 E3+/A3+/G3+ (Only for use with groups managing Office 365 licenses.)
    2. Through AAD Premium P1+ (For use with any group-based license management, including the use of groups with dynamic membership.)

    So the sentence you're asking about depends on the group-based scenario in question.

     

    For example, both of these are true:

    • "For any groups assigned Office 365 E3 licenses, you must also have an Office 365 E3 license for each unique member."
    • "For any groups assigned AAD Premium P1 licenses*, you must also have an AAD Premium P1 license for each unique member."

    If you want to use group-based management for anything but Office 365 E3 (ironically including Office 365 F1), or to use capabilities like AAD groups with dynamic membership, you'd need each user to have a license for at least AAD Premium P1.

     

    *this could also include EMS, Windows 10 subscription activation, etc. - anything that supports group-based licensing. I just used AADPP1 in the scenario to keep it tidy. 

     

    These are the rules as I understand them based on conversations with the AAD team...

     

  • It's the number of licenses that "qualify" you to use the feature. But for any licensing question best talk to your TAM or local MS folks, nobody here is authorized to quote licensing terms on behalf of Microsoft.

    • Wes Miller's avatar
      Wes Miller
      Brass Contributor

      Both true. I'm definitely not authorized to speak for Microsoft or on their behalf, and I'd encourage everyone who gets second- or third-hand licensing advice to always verify it with Microsoft directly if possible - likely even do so twice.

       

      That said, we do put a lot of work into ensuring we understand the company's licensing guidelines, whether that's from the product terms directly, or in the case of AAD, working with product teams to find out the correct answers, since the licensing is poorly defined while also being notoriously easy to fall out of compliance with.

      .