Forum Discussion
dynamic group based on assigned license
I entered this to the Rule syntax box;
user.assignedPlans -any (assignedPlan.servicePlanId -eq "70d33638-9c74-4d01-bfd3-562de28bd4ba" -and assignedPlan.capabilityStatus -eq "Enabled")
Obviously change the SKU to the product you need which can be found here: https://docs.microsoft.com/en-us/azure/active-directory/enterprise-users/licensing-service-plan-reference
worked perfectly.
The linked article from Thijs Lecomte is really great, although I had to taught this by myself.
This works perfectly for the dynamic group:
user.assignedPlans -any (assignedPlan.service -eq "TeamspaceAPI" -and assignedPlan.capabilityStatus -eq "Enabled")
To get Service names you can run PowerShell:Get-AzureADUser -SearchString "UserName" | Select -ExpandProperty AssignedPlans
The whole idea is that you can combine results by the part of the name using "contains" (to get all users licensed for AAD for. instance). I use it to get all users with any Teams License for any E or F licenses.
For the license separation you can use name that only exisit for the E3/E5 plan but you can do the same with Service Plan IDs.
I hope it helped.Because of the long time passed by, i've updated my personal documentation in the meantime, too.
Just in case someone stumbles upon this topic:
I personally prefer using the ServicePlan ID:
- Get ServicePlan ID via Powershell
- Get-AzureADUserLicenseDetail -ObjectId $user.objectid | Select-Object -ExpandProperty ServicePlans
- Get ServicePlan ID via Graph Explorer (https://developer.microsoft.com/en-us/graph/graph-explorer)
- Dynamic Rule Query
- user.assignedPlans -any (assignedPlan.servicePlanId -eq "xxx-xxx-xxx-xxx-xxx" -and assignedPlan.capabilityStatus -eq "Enabled")
Patrick, I am trying to understand what the problem was with your original solution? I am trying to do the same thing right now and was going to use your original solution, but am not following why you werent happy with it.
Thanks
- Get ServicePlan ID via Powershell
