Dealing with the nuances of license management within Microsoft 365 has long been a challenge for administrators. The complex task of assigning and transferring licenses to each user individually can lead to inefficiencies and errors that hamper overall productivity. However, the solution lies in a game-changing approach called group-based licensing. By creating groups based on users’ roles, departments, or teams, this innovative feature provides a streamlined way to manage licenses. This task can be accomplished with the Azure portal (Entra admin center) or PowerShell.

Let’s dive into the nitty-gritty of improved license management and 🔎 explore the possibilities of group-based licensing.

What is Group-based Licensing in Microsoft 365?

Group-based licensing allows you to assign one or more license subscriptions to a Microsoft 365 group. Licenses assigned to the group are added to everyone who is added to the group, and the licenses are removed when they are removed from the group.

Prerequisites For Group-based Licensing

Your organization must meet the following prerequisites to process the group-based licensing.

  • Azure AD Premium P1 and above (Paid or Trial) or any one of the following Microsoft 365 Licenses (Paid or Trial)
    • Microsoft 365 Business Premium
    • Office 365 Enterprise E3
    • Office 365 A3
    • Office 365 GCC G3
    • Office 365 E3 for GCCH
    • Office 365 E3 for DOD and above

Note: You must be a license administrator, user administrator, or global administrator to utilize group-based licensing.

Set Up Group-based Licensing in Microsoft 365

Setting up group-based licensing in your Microsoft 365 environment is a straightforward process. Microsoft 365 Admins can set it up with any of the following methods.

Note: Admins must specify the usage location of the user, before assigning a group-based license. If not, the usage location will inherited from the location of the directory.

Create a Group-based License in Azure Portal

To create a group-based license in the Azure portal, you need to follow the below two steps.

Create a Group in the Azure Active Directory

The first step for the creation of a group-based license is to create a group in the Azure Active Directory. To create a group using the Entra admin center follow the steps below.

  1. Log in to the “Azure portal and head to the “Azure Active Directory” (Entra ID).
  2. Navigate to the “Groups” tab and select the “New group” option.
  3. Select the respective “Group type” and enter the “Group name”.
  4. Click on “No members selected” and go to the “Users” tab.
  5. Select the required users to assign group-based licenses.
  6. Click on the “Select” button and select the “Create” button.
Create a Group in Azure AD

After the creation of groups with users, you have to assign licenses. Follow the procedure below to assign licenses to Microsoft 365 groups.

  1. Head to the “Licenses” tab in the “Azure Active Directory”.
  2. Go to the “All products” tab and select (tick) the appropriate licenses to be assigned.
  3. Click on the “Assign” option.
Licenses in Azure AD
  1. Select the “Add users and groups” option.
  2. Choose the “Groups” tab and select the respective group and click on “Select”.
Assign License to a Group in Microsoft 365
  1. Click the “Next : Assignment options >” button and toggle “On/Off” the services available with the selected subscription pack.
Choose Services in License Assignment
  1. Click “Next: Assignment options >”, finally review the details and select the “Assign” option.

Now the licenses will assigned to the selected group.

Verify Group-based License Assignment

You can easily verify the group-based license assignment in the “Groups” tab of the Entra ID. To do so, follow the steps:

  1. Navigate to the respective group in the “Groups” tab.
  1. Select “Licenses”, there you can see a notification message displaying “License changes have been applied to all users”.
Group-based License Assignment Confirmation

This message represents the confirmation of the group-based license assignment.

Check Microsoft 365 License Assignment Path

To check whether the license is assigned directly or inherited from a group, follow the steps below.

  1. Head to the “Licenses” tab in the “Azure Active Directory”.
  2. Go to the “All products” tab and click on the selective licenses to be checked.
Check Microsoft 365 License Assignment Type

Group-based Licensing Using PowerShell

Though the Entra ID helps admins to manage Microsoft 365 services, many admins rely on PowerShell for its time-saving capabilities and to perform bulk operations.

You can adhere to the following steps to configure group-based licenses using PowerShell. As Microsoft has announced the deprecation of the Azure PowerShell modules, here we are using the Graph PowerShell module. Before getting started using PowerShell, make sure to connect to the Microsoft Graph PowerShell module.

Create Group with Microsoft Graph PowerShell

To create a group using graph PowerShell, execute the cmdlet below after replacing the respective values.

Substitute ‘true’ or ‘false’ based on your group needs. The ‘GroupTypes’ parameter with the value ‘Unified’ will create a Microsoft 365 group. To create a Security group, you can simply omit the ‘GroupTypes’ parameter.

Create a Group with Graph PowerShell

Note: Please note the “Id” after the creation of the group for future reference. This value will be needed for the addition of users in the groups and the license assignment.

Add Users to Group Using Graph PowerShell

To add users to a group using the graph PowerShell, you must know the ”Id” of each user to be added to the group. To know the “Id” of all the users run the comment below.

After the execution, take note of the “Id” for each respective user who will be added to the newly created group. Save these Ids in a CSV file following the format demonstrated below.

Add Users to Group CSV File Format

Once you create the CSV file, execute the following cmdlet with file location and group Id to add the users to the group.

Here, replace the <GroupId> with the Id, which is noted during the creation of the group.

Apply License to the Group Using MS Graph

Before assigning a license to the group, it is essential to determine the “SkuId” of the specific license to be assigned. To know the “SkuId” of the particular license, execute the cmdlet below.

Once you have the “SkuId”, use the following cmdlet, replacing the <GroupId> and <SkuId> with the appropriate values, to assign the license to the group.

Note: The above method would be useful for existing users to get group-based licenses. If you want to add users to the license group in the user creation itself, create a CSV file like the below format and execute the script.

User Creation CSV File Format

Replace <FileLocation> with the actual CSV file location and <GroupId> with the corresponding group ID for the license group.

Check Whether the License is Directly assigned or Inherited

After the assignment of licenses through groups, admins can easily check the license assignment path whether it is assigned directly or inherited from a group. The following script can help you to get the license assignment type. Here, replace the <SkuId> with the “SkuId” of the selective subscription.

Users License Assignment Type

The above script provides Microsoft 365 user report with the assignment type.

Common License Assignment Errors in Group-based License

The following license assignment errors may occur when you are assigning licenses in a group-based manner.

Conflicting Service Plans: This error may arise if one of the products listed in the group includes a service plan that conflicts with another service plan already assigned to the user by another product. To resolve this, you need to remove the user from the group.

This error displays as “MutuallyExclusiveViolationin PowerShell.

Not Enough Licenses: This error may occur if enough licenses are not available for the products that are specified in the group. You need to either purchase more or free up unused licenses from other users.

This error displays as “CountViolation” in PowerShell.

Limitations Of Group-based Licensing

Below is a list of some of the commonly known limitations regarding group-based licensing.

  • Doesn’t Support Nested Groups: Group-based licensing currently does not include the ability to add groups that contain other groups.
  • Only Suitable with Security Groups: This functionality is limited to security groups and Microsoft 365 groups with the attribute “SecurityEnabled” set to true.
  • License Assignment Type Visibility in M365 Admin Center: Group-based licensing is not currently supported in the Microsoft 365 Admin Center. Licenses assigned or inherited through a group appear as regular user licenses in Microsoft 365 admin center.
  • Affect the Performance with Directory Synchronization: Assigning or changing licenses to a large group of users (say 100,000 users) can have a negative impact on directory synchronization with Azure AD and on-premises systems.
  • Problem with Dynamic Groups: It is vital to ensure that the user is a member of a dynamic group before proceeding with the license assignment. This is necessary to facilitate proper license assignment.
  • Difficulty with High Loads: During high-load situations, there may be delays in processing license changes for groups or membership changes for groups with existing licenses. In such cases, you may need to contact Microsoft Support Services for any assistance.

Gain Enriched Microsoft 365 License Reports with AdminDroid for Completely Free!

In fact, this blog provides essential insights into group-based licensing within Microsoft 365. However, efficient management of assigned licenses in your Microsoft 365 environment is equally important. Proper license management and monitoring ensure optimal utilization of resources and adherence to license compliance. Don’t worry! Now, simplify the license management in your Microsoft 365 environment at zero cost with the assistance of AdminDroid Microsoft 365 reporting tool.

AdminDroid’s Microsoft 365 License Reporting gives unimaginable and free license reports, eliminating the need for complex PowerShell cmdlets. AdminDroid Microsoft 365 license usage reports allow admins to get reports in a few clicks. It also enables admins to get free license-related reports with three sections:

License Reports:

  • All Licensed Users Report
  • Licenses Assigned for Sign-in Disabled Users Report
  • Users by Assigned Subscriptions Report
  • Detailed License Provisioning Report
  • Unlicensed Users Report
  • Users With Free Subscriptions Report
  • Users With Trial Subscriptions Report

License Expiry Reports:

  • Users with Soon-to-Expire Purchased Subscriptions Report
  • Purchased Subscription Expired Users Report
  • Users with Soon-to-Expire Trial Subscriptions Report
  • Trial Expired Users Report
  • Users with Suspended Subscriptions Report

Subscription Report:

  • Subscription Usage Report
  • Expired Subscriptions Report
  • Unused Subscriptions Report
  • Purchased Subscriptions Report
  • Trial Subscriptions Report
  • Free Subscriptions Report
All Licensed Users Report – AdminDroid
Microsoft License Dashboard – AdminDroid

Moreover, AdminDroid’s free Azure AD reporting tool provides detailed reports of user-related information, giving administrators the ability to get Microsoft 365 user details. It generates extensive insights on Microsoft 365 user activities, user passwords, group activities, licenses, and subscriptions.

Also, admins can grab the entire visibility and track changes over Microsoft 365 accounts and groups activity through Azure Active Directory management, which offers a robust suite of 190+ reports.

Additionally, AdminDroid offers 1800+ reports and 30+ dashboards for all Microsoft 365 services such as SharePoint, Exchange Online, MS Teams, Power BI, Yammer, etc. Admins can experience all these reports in their Microsoft 365 domain free for 15 days with the premium edition.

Discover the advantages of AdminDroid by downloading it today and enjoy the benefits of a 15-day free premium edition trial.

Wrapping Up

In conclusion, we hope that the blog has provided you with an overview of group-based licensing in Microsoft 365. Do not stop with this! Give a try to auto-claim policies, which goes beyond group-based licensing. If you have any comments or questions, please don’t hesitate to contact us. We value your feedback and welcome any inquiries you may have!