Forum Discussion

Silver Contributor

Feb 22, 2017

Solved

Azure AD group-based license management for Office 365 and more

This looks awesome - simplify licence management for Office 365, EMS, Dynamics 365 and more with the https://blogs.technet.microsoft.com/enterprisemobility/2017/02/22/announcing-the-public-preview-of...

Azure AD

microsoft 365

Nasos_Kladakis
Apr 05, 2017
Group-based licensing will be a feature of all the paid Azure AD editions. (And it is included now during the public preview period)

That means Azure AD Basic, Azure AD Premium P1 and P2 and of course EMS E3 and E5 that includes Azure AD Premium.

Also will be a feature of Office 365 E3 and Office 365 E5 when it becomes generally avaialble.

Now, for EDU organizations things are rather simple becasue Azure AD Basic is free for them so by adding the free Azure AD Basic edition to their tenant they can use Group-Based Licensing for all the related products.

I hope this helps

Nasos

Terry Munro

Copper Contributor

Mar 29, 2017

Greetings all,

My question is specifically in regards to end user licensing in the Education Sector, which is needed to use Azure AD Group Based Licensing.

Going by Source 1, all users who inherit a license via the group based licensing model will need an Azure AD Basic license (not Azure AD Free).

Going by Source 2, this will change once the functionality reaches GA.

Once this happens, "it will be included in Office 365 Enterprise E3 and similar products."

As Education licensing differs from the standard Enterprise E3, will this functionality be included at no cost for Student and Alumni licensing?

As you can imagine, a large University will have hundreds of thousands of Alumni and tens of thousands of Students. Having Education E3 include the Azure AD Basic licensing / eligibility for Azure AD Group based licensing for $0 will help for Staff, but if Azure AD Basic licensing is not included for Alumni and Students, the Education sector will not be able to afford to use this awesome functionality.

Can someone please provide clarity, and preferably a link to a valid Microsoft site, on how Azure AD Group Based Licensing and Azure AD Basic will apply to Staff, Students and Alumni.

Source 1 -

Link - https://docs.microsoft.com/en-us/azure/active-directory/active-directory-licensing-whatis-azure-portal
Features –
- During public preview, a paid or trial subscription for Azure AD basic or premium editions is required in the tenant to use group-based license management. Also, every user who inherits any licenses from groups must have the paid Azure AD edition license assigned to them.

Source 2 -

Link - https://blogs.technet.microsoft.com/enterprisemobility/2017/02/22/announcing-the-public-preview-of-azure-ad-group-based-license-management-for-office-365-and-more/
It contains the following statement:
"While group-based license management is in public preview you will need an active subscription for Azure AD Basic (or above) in your tenant to assign licenses to groups. If you don’t have one, just sign up for an Enterprise Mobility + Security trial. Later, when this functionality becomes generally available it will be included in Office 365 Enterprise E3 and similar products."

MICHELLE SEIPEL

Brass Contributor

Apr 03, 2017

As it relates to Education, I know that we just purchased an EES agreement, and in so doing we were able to add the SKU 965-00002 for Azure Basic (AADB) for $0 to get this...but this does require an active EES agreement to add AADB for free. I just got this and it hasn't been applied to my portal yet, but I've been assured by Microsoft that is all you need to switch from user-based processing using Azure powershell scripts to using groups in Azure.

MICHELLE SEIPEL
Brass Contributor
Apr 05, 2017
As a follow-up since I was able to test this last night, Azure Basic ($0 if you have an EES, even though I don't have E3, just the regular faculty/student O365) does allow you to use Groups to assign Azure rights for applications. However, Azure Basic does not let you use dynamic groups. For example, I have a dynamic email group called "All Staff", but that group is not available to Azure when assigning application rights, because you need an Azure Premium, not Basic, license for dynamic groups. That means that I had to create a new "AllStaffAzure" group in O365 portal (I chose to hide that group since I'm only using it for assigning Azure rights) and I used Powershell to assign all staff accounts into that group, then I could set the Application in Azure (like Google Apps, EasyBib, etc.) to use that "AllStaffAzure" group, instead of having to assign each person individually. So it's still not as dynamic as I'd like, but it's easier for me to use Powershell to script users into an O365/Exchange group than Azure.
- Paul Hunt - Cimares
  MVP
  Apr 05, 2017
  That makes sense as Dynamic groups is specifically an Azure AD Premium offering.
  
  At the moment I'm tending towards recommending my clients create specific groups for licensing seperate from access and security groups unless they have very simple "give everyone an E3" requirements. This allows them to then create seperate license blocks for more enhanced uses if required.
  
  E.g.
  
  Office 365 Base E3 License group - Gives the 'Standard' offering to staff (could be used for basic O365 access too)
  Office 365 Exchange Plan 1 - Gives the basic e-mail functionality
  Office 365 Exchange Plan 2 - Gives the enhanced e-mail functionality.
  
  etc..
  
  I'm interested in other peoples approaches?
  
  Paul.
BrjannBrekkan
Microsoft
Apr 04, 2017
Nasos_Kladakis Should help explain what the intentions are around availbility of Group Based License management with regards to version of Azure AD.

Brjann Brekkan

- Azure AD Program Manager