Why the group-based licensing option in Azure AD for Microsoft 365 groups is not always available!

MVP

 

Dear Azure and Microsoft 365 friends,

 

Have you ever wondered why in Azure Active Directory you can work with the License function for some Microsoft 365 groups and not for others? This has to do with the property "SecurityEnabled". Let's explore this together. We'll look at two Microsoft 365 groups first.

 

Here under "Manage" the option License is not available!

_Gr1.JPG

 

Here under "Manage" the option license is it present!

_Gr2.JPG

 

Why is that? We find the answer with PowerShell!

 

I used the PowerShell ISE for this configuration. But you are also very welcome to use Visual Studio Code, just as you wish. Please start with the following steps to begin the deployment (the Hashtags are comments):

 

#The first two lines have nothing to do with the configuration, but make some space below in the blue part of the ISE

Set-Location C:\Temp
Clear-Host

#We need the cmdlets
Install-Module -Name AzureAD -AllowClobber -Force -Verbose

 

#Sometimes the module must be imported
Import-Module AzureAD

 

#Lets connect to the Azure Active Directory
Connect-AzureAD

 

#Did it work?

Get-AzureADMSGroup

 

#We examine the "Technik" Microsoft 365 group for the property "SecurityEnabled" where the value false is returned!

(Get-AzureADMSGroup -SearchString "Technik").SecurityEnabled

 

#We examine the "IT-Administration" Microsoft 365 group for the property "SecurityEnabled" where the value true is returned!!

(Get-AzureADMSGroup -SearchString "IT-Administration").SecurityEnabled

 

This is exactly the reason why the license option is not available in the Microsoft 365 group "Technik" and in the Microsoft 365 group "IT-Administration" it is!

 

#We need the group ID

Get-AzureADMSGroup -SearchString "Technik"

 

#Now we change the value

Set-AzureADMSGroup -Id a8269c21-1059-4bb1-8937-7f2d6a6f6b92 -SecurityEnabled $true

 

Bingo! Now the license option is also available in the "Technik" group!

_Gr3.JPG

 

Explanation:

When you create a new Microsoft 365 group in the Microsoft 365 portal, you cannot work with group licensing in Azure Active Directory because the group's SecurityEnabled property has the value "false".

If you create a new Microsoft 365 group in Azure Active Directory, you can work with group licensing in Azure AD because the SecurityEnabled property has a value of "true".

 

Sure this wasn't super exciting, but I still wanted to share this information with you.


I hope this article was helpful for you? Thank you for taking the time to read this article.

 

Best regards, Tom Wechsler

 

P.S. All scripts (#PowerShell, Azure CLI, #Terraform, #ARM) that I use can be found on github! https://github.com/tomwechsler

5 Replies
You didn’t really tell us the root level of the issue, just how to fix it.. It’s still good info to know, but you should title this ‘How to fix’ instead of ‘have you ever wondered why?’
You are right, I forgot that part. Is corrected! Sorry!
I don't think this behavior is intentional.
I never said that either. It was simply a realization or experience.
I know you didn't say that and it wasn't meant as an accusation.

I was just putting myself in the shoes of all those who ask themselves: why did Microsoft choose this path?