First published on TechNet on Aug 07, 2017
Hello World, Daniel Lucas and Eroilton Borges is here, with a special thanks to Rodrigo Fonseca to helping about Hybrid Identity and review and contribute for this one, to talk about how to automatically assign Office 365 licenses in Azure AD, without need to run Powershell commands. Nowadays, when a new user needs to have Office 365 License, it is necessary run a Powershell command to set a location (Some Microsoft services are not available in all locations. Before a license can be assigned to a user, the administrator should specify the Usage location property on the user.) and assign a license. But now, it is possible to assign license in Azure AD based on groups, and it´s extremally helpful, because you don´t need to run script for every new user in your organization. First we need to stop the sync process before change the rules: Set-ADSyncScheduler -SyncCycleEnabled $false https://docs.microsoft.com/en-us/azure/active-directory/connect/active-directory-aadconnectsync-cha... To complete this task, it´s necessary complete two steps : 1 – Add a AAD Connect Synchronization rule, to populate the attribute UsageLocation in Azure AD. 2 – Select Office 365 Products to assign license based on groups. AAD Connect Sync Rules: We´ll create two rules in AAD Connect: Note: The precedence number cannot conflict with any number in your rules. In our environment we set the numbers below, but you need to ensure that you don´t have any rules with the same precedence number. 1 – If the attribute "UsageLocation" is Null or Empty, we´ll populate with an unique country code (In my example "US"). 2 – Populate the ADDS Attribute with the Country Code 1 st rule :
2 nd rule :
Start-ADSyncSyncCycle -PolicyType Delta
Assign Office 365 License based on Groups : First, in this example, I created in my on-premises Active Directory, 3 security groups to select different Office 365 products: 1 – Outlook_License 2 – Skype_License 3 – Sharepoint_License After created, force a new Sync Cycle, and check in the Azure Portal if the Groups are populated. In the Azure Portal portal.azure.com , select the Azure Active Directory , then select " Licenses ". Under All Products , select Office 365 Enterprise E3 . Under Licensed Groups , select the Group that you want to assign Under Assignment Option , select which Products will be available for the Group. Now, you just need to populate your groups, and wait the Azure AD to assign the Licenses. Note: When a user is a part of two or more groups, the user will inherit the licenses combined and all products will be available for the user. If you want to know, how is the correct country code for my user, here is the information: https://en.wikipedia.org/wiki/ISO_3166-2 If you experience an error like “object reference is not set to an object”. Put “anything” in the tag field in the first screen and it will work. For more examples in how to assign group licenses using Powershell: https://docs.microsoft.com/en-us/azure/active-directory/active-directory-licensing-ps-examples Hope that this article helps you. Daniel Lucas.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.