Group based licensing in Microsoft 365 is not a new feature, but still a feature a lot of organizations is missing out on. Assigning licenses to groups instead of directly to users provides advantages related to automation, overview and more. Information of this is easily available on net, but I have been missing an automated way of providing uniform groups for the purpose.
Assigning licenses to users by group membership in Azure Active directory is consistently documented at Microsoft Learn and at several other online locations. The advantages of this are therefore not specifically mentioned in this blog post.
This blog post will focus on the creation of the groups in a uniform and automated way. Repeating manual tasks are not desired in a larger environment. This leads to small differences and configuration drift. By automating, we arrive at a uniform standard platform as quickly as possible.
There is no requirement to use dedicated groups. It is possible to use existing groups for assigning licenses. You can even nest groups. This blogpost will cover how I in an automated way can create a licensing group for each available SKU in the tenant by use of Microsoft Graph API.
When connected to MgGraph, I can list all SKUs in the tenant by using the following command:
There might be some SKUs coming out of that query where you don't want to create a belonging license group. I have taken this into account in my script and created a table where I can add SKUs to be excluded from the routine:
This gives me the opportunity to retrieve only a selection of SKUs from the tenant:
Naming SKUs in Tenant is also something I want to enrich related to the corresponding group names. I have seen many people solve this using manuallly maintained tables. I have instead chosen to import a CSV from Microsoft at run time. This CSV is regularly updated by Microsoft with friendly display names for each SKU part number.
With this information available, I can construct the DisplayName for my groups:
"RenameDisplayName" is a function I created to make some replacements of common abbreviations in the name. These are defined in a hash table:
The Function will then use information from this hash table to do text replacements in the group name:
Here is an example on how this will work out:
- SKU name received from tenant: SPE_E3
- Matched displayname from CSV: Microsoft 365 E3
- Displayname after my fynction: M365 E3
This should give a dynamic method for creating uniform group names in a preferred pattern based of available SKUs in the tenant and assign the corresponding SKU as assigned license to the group.
Putting this together, the final script will look like the following (also available on my GitHub):
When adding a user to one of these groups, a license will be assigned (as long as there are free licenses available in the tenant). As a bonus tip you can use the same group to assign software installations to the user's endpoints in Microsoft Intune!