Feb 06 2017 - last edited on Jul 24 2020
What happens if a dynamic group is created and some of the members don't have an AAD Premium license assigned to them? Is their account excluded from the group? Is a warning provided? Are these groups audited by MS?
Feb 06 2017 09:14 AM
Feb 06 2017 12:18 PM - edited Feb 06 2017 12:49 PM
While reading https://docs.microsoft.com/en-us/azure/active-directory/active-directory-accessmanagement-groups-wit... I saw the following:
Dynamic memberships for groups require an Azure AD Premium license to be assigned to+
I am concerned that it is very easy to violate the terms of the license.
I'm really wondering if we need to create our own tools to monitor compliance or if there is something provided by MS which I don't know about.
Feb 06 2017 11:51 PM Solution
This is an issue that has been discussed ever since Microsoft introduced AAD dynamic groups. Any account that comes under the scope of a query used for an AAD dynamic group - including those used for Office 365 dynamic groups - requires a license. End of story.
The issue does not arise for enterprise tenants who license AAD premium for other reasons (like writeback to an on-premises AD). It does if you have no other reason to use AAD premium...