Microsoft Secure Tech Accelerator
Apr 03 2024, 07:00 AM - 11:00 AM (PDT)
Microsoft Tech Community

licensing based on azure ad groups

Iron Contributor

Hello,

 

I tested licensing based on azure ad groups. It works fine, but I get one big problem.

I got 5 E3 license. Now I put 10 users in the group which assigned to the E3 license. After a short time, all 10 users have a E3 license assigned form the group.

How can get a report that we missed 5 licenses and must buy it? Or how can I handle it?

 

Regards

Stefan

13 Replies
This feature doesn’t have any reporting built in!
You could run some powershell scripts like this one!
https://gallery.technet.microsoft.com/office/Office-365-PowerShell-0ecdf3b9

In such scenarios, an error will be generated (CountViolation), and you can periodically go over the list of users with errors as detailed here: https://docs.microsoft.com/en-us/azure/active-directory/users-groups-roles/licensing-ps-examples#get...

Vasil - am I understanding this correctly: CountViolation will (eventually) be generated when I have overbooked the number of User SLs for a given service I actually own? So the service isn't actually enforcing compliance (for the underlying User SLs) across the group???

Thanks for your Response.

 

But It dosent work. I have only 5 license. But the report showed that all is okay.

2018-11-08 21_41_53-Auswählen Windows PowerShell.png

 

Regards

Stefan

No, when licensing with groups you don’t get any error presented to you directly when you don’t have enough licenses, like you do when assigning per user! The users will be in an error state as you can see in Azure Ad under Licenses, and as @Vasil said powershell Reports this as a “countviolation”
Do you have any errors in licenses tab in Azure AD?

No there are no Errors.

In admin portal in subscriptions - what can you read from here? It’s not any trial licenses you still have?

No Trail license

 

2018-11-08 22_26_43-Microsoft 365 admin center - Abonnements - Internet Explorer.png

In the absence of accurate reporting, this is incredibly troubling.

The error is reported on the user object, there are examples on how you can get it via PowerShell in the article I linked.

Hi Stefan

I am assuming you've seen this, and azure ad does not show any errors...
https://docs.microsoft.com/en-us/azure/active-directory/users-groups-roles/licensing-groups-resolve-...

Licenses blade in azure ad is where these errors should show up.

Regards

Yes there are not showing any Errors.