Forum Discussion
Group Based Licensing - assign using PowerShell?
Hi Folks,
I'm sure I don't need to explain what Group Based Licensing is and I'm wondering how on earth I can configure license plans and assign to groups using PowerShell. Is it even possible? There's absolutely nothing in the documentation at the moment. The official docs (https://docs.microsoft.com/en-us/azure/active-directory/users-groups-roles/licensing-groups-assign) run you through the process of using the Azure Portal to add licenses to groups, with no mention of PowerShell at all.
I've tried tinkering with Group objects in PowerShell, using both Msol (v1) and GraphAPI (v2) objects and tapping into the Licenses and AssignedLicenses (each have a 'set' accessor) but with no success. I can add a license to the 'AssignedLicenses' property, but I don't think there's any way to save it back.
I find group based licensing a really nice touch, though the way I see it at the moment, it still requires an admin to go to the Azure Portal to configure. That's a real shame. Am I missing something here?
Hi Jason Dunbar I published a PowerShell module (AzureADLicensing) which allows you to manage group based licensing (module uses unofficial API's but works fine though). https://tech.nicolonsky.ch/manage-azure-ad-group-based-licensing-with-powershell/
You should also be able to manage them via Graph (not sure if GA yet though): https://docs.microsoft.com/en-us/graph/api/resources/groups-overview?view=graph-rest-1.0#dynamic-membership
- Actually, PowerShell also supports it via https://docs.microsoft.com/en-us/powershell/module/azuread/new-azureadmsgroup?view=azureadps-2.0
VasilMichev thanks for your replies - though I wonder if you're seeing something in those pages that I'm not?
Here, I'm specifically talking about the Licensing of groups, using the Group Based Licensing concept of Azure AD. In other words, giving a license to a group, which all members then inherit.
Ha, seems I got distracted and thought about the dynamic groups membership instead... No, I'm not aware of any method to manage this outside of the Azure AD blade. Sorry...
Hi Jason Dunbar I published a PowerShell module (AzureADLicensing) which allows you to manage group based licensing (module uses unofficial API's but works fine though). https://tech.nicolonsky.ch/manage-azure-ad-group-based-licensing-with-powershell/
nicolonsky I had not seen this until I searched for the same challenge again and then found the my own post 🙂
Thanks for the module, I ended up achieving this through calling the Graph API and it looks to me that you're doing exactly the same.
I can only hope that one day we have a more unified management approach, it seems segmented at the moment; some stuff possible only in MSOL, some in AAD v2 PowerShell and some things in Graph API.
