Microsoft Secure Tech Accelerator
Apr 03 2024, 07:00 AM - 11:00 AM (PDT)
Microsoft Tech Community

Removing users from a group with automatic assignment of licenses

Iron Contributor

We are considering using Group-based Licensing but I have not been able to figure out what happen if a user is removed from a group with automatic assignment turned on. Will the license be removed?

 

If the license is removed, will it make a difference if the user was also assigned a license either individually or by membership of another group?

2 Replies

@Jakob Rohde Yes, if the user gets removed from the dynamic group (based on the rules you set), the license will also be removed (in my exp and in our current setup/config it works this way).

 

There is a different in licence assignment (direct and inherited).

 

  • If a license is assigned directly (manually, by script or IAM system) the assignment path is "Direct".
  • If a license is assigned via dynamic group the assignment path is "Inherited" ( the GUI will also show you the dyn group the license is coming from).

You can see the through the AAD portal.

 

The direct assigned licenses (not inherited) will stay until you manually/script/etc removes it.

 

 

 

@Jakob Rohde I would add to this, if users currently have direct assigned licenses, you can set up your group assignments and add them to those, but they will then have both direct and inherited licenses for the same thing. So you then need to go and remove the direct assigned licenses, so they just end up with inherited. 

You can do this using powershell to remove the SKU or plan, in which case just the direct license is removed and the inherited license remains (since it cannot be removed). So it can be a little tricky to migrate a lot of users from direct to inherited.