When you are dealing with license assignment in Azure, it is good to have a unified approach, preferably one that can be automated as much as possible, especially if you are running a considerable number of accounts. The scenario that I found common is that during the initial Azure enrollment companies do not think about license assignment and go with the direct approach, which in most cases is not the best one. The easiest approach to maintain is assigning licenses via groups. To evaluate the current situation, it is good to identify directly assigned licenses and audit the license plan status. This can later be used to implement a migration path. All of this is well documented in MS Docs.
MS recommendation for the migration process: https://docs.microsoft.com/en-us/azure/active-directory/users-groups-roles/licensing-groups-migrate-users
MS PS scripts to identify license assignments: https://docs.microsoft.com/en-us/azure/active-directory/users-groups-roles/licensing-ps-examples
So licenses can be maintained via groups, but they can also be maintained via PS scripts. Both approaches will need license reassignment automation. To help with this task we can use these simple functions.

    function Add-AzureLicense {
        param (
            [string]$userUPN,
            [string]$licenseSKU
        )
        # Author: Maciej Jedryszek

        # Resolve the SKU part number to the SkuId used in this tenant
        $License = New-Object -TypeName Microsoft.Open.AzureAD.Model.AssignedLicense
        $License.SkuId = (Get-AzureADSubscribedSku | Where-Object -Property SkuPartNumber -Value $licenseSKU -EQ).SkuID
        $LicensesToAssign = New-Object -TypeName Microsoft.Open.AzureAD.Model.AssignedLicenses
        $LicensesToAssign.AddLicenses = $License
        try {
            # -ErrorAction Stop makes sure a failed assignment reaches the catch block
            Set-AzureADUserLicense -ObjectId $userUPN -AssignedLicenses $LicensesToAssign -ErrorAction Stop
            Write-Host "`t`t Done / $userUPN Add: $licenseSKU" -ForegroundColor Green
            return $true
        }
        catch {
            Write-Host "`t`t Fail / $licenseSKU" -ForegroundColor Red
            return $false
        }
    }

    function Remove-AzureLicense {
        param (
            [string]$userUPN,
            [string]$licenseSKU
        )
        # Author: Maciej Jedryszek

        # Resolve the SKU part number to the SkuId used in this tenant
        $License = New-Object -TypeName Microsoft.Open.AzureAD.Model.AssignedLicense
        $License.SkuId = (Get-AzureADSubscribedSku | Where-Object -Property SkuPartNumber -Value $licenseSKU -EQ).SkuID
        $LicensesToRemove = New-Object -TypeName Microsoft.Open.AzureAD.Model.AssignedLicenses
        # RemoveLicenses takes the SkuId itself, not an AssignedLicense object
        $LicensesToRemove.RemoveLicenses = $License.SkuId
        try {
            # -ErrorAction Stop makes sure a failed removal reaches the catch block
            Set-AzureADUserLicense -ObjectId $userUPN -AssignedLicenses $LicensesToRemove -ErrorAction Stop
            Write-Host "`t`t Done / $userUPN Rem: $licenseSKU" -ForegroundColor Green
            return $true
        }
        catch {
            Write-Host "`t`t Fail / $licenseSKU" -ForegroundColor Red
            return $false
        }
    }

Example call:

    PS > Remove-AzureLicense -userUPN $userupn -licenseSKU 'DYN365_ENTERPRISE_P1_IW'
    Script: Remove-AzureLicense Version: 0.1.2
    Done / DYN365_ENTERPRISE_P1_IW
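
The reassignment case mentioned above, as an added example that is not part of the original post: it swaps one license for another in a single Set-AzureADUserLicense call, after checking that both SKUs exist, a free seat is available and the user has a usage location. The function name Switch-AzureLicense, the sample UPNs and the SKU placeholders are assumptions; the AzureAD module and an existing Connect-AzureAD session are assumed as well.

```powershell
# Added example: replace one license with another in a single Set-AzureADUserLicense call.
# Assumes the AzureAD module is loaded and Connect-AzureAD has already been run.
function Switch-AzureLicense {   # hypothetical helper name, not from the original post
    param (
        [Parameter(Mandatory)][string]$userUPN,
        [Parameter(Mandatory)][string]$fromSKU,
        [Parameter(Mandatory)][string]$toSKU
    )
    try {
        # Resolve both part numbers up front so a typo cannot end in a half-applied change.
        $skus   = Get-AzureADSubscribedSku -ErrorAction Stop
        $fromId = ($skus | Where-Object SkuPartNumber -EQ $fromSKU).SkuId
        $to     = $skus | Where-Object SkuPartNumber -EQ $toSKU
        if (-not $fromId -or -not $to) { throw "Unknown SKU: $fromSKU or $toSKU" }

        # Refuse when the tenant has no free seat of the target license.
        if ($to.ConsumedUnits -ge $to.PrepaidUnits.Enabled) { throw "No free $toSKU seats" }

        $user = Get-AzureADUser -ObjectId $userUPN -ErrorAction Stop
        # License assignment is rejected for users without a usage location.
        if (-not $user.UsageLocation) { throw "$userUPN has no UsageLocation" }
        # Only touch users that actually hold the source license.
        if ($user.AssignedLicenses.SkuId -notcontains $fromId) { throw "$userUPN does not hold $fromSKU" }

        $add = New-Object -TypeName Microsoft.Open.AzureAD.Model.AssignedLicense
        $add.SkuId = $to.SkuId
        $change = New-Object -TypeName Microsoft.Open.AzureAD.Model.AssignedLicenses
        $change.AddLicenses    = $add       # license to grant
        $change.RemoveLicenses = $fromId    # SkuId of the license to take away

        Set-AzureADUserLicense -ObjectId $user.ObjectId -AssignedLicenses $change -ErrorAction Stop | Out-Null
        Write-Host "`t`t Done / $userUPN $fromSKU -> $toSKU" -ForegroundColor Green
        return $true
    }
    catch {
        Write-Host "`t`t Fail / $userUPN : $($_.Exception.Message)" -ForegroundColor Red
        return $false
    }
}

# Constructed sample input: the UPNs and SKU part numbers below are placeholders.
$results = foreach ($upn in 'user1@contoso.example', 'user2@contoso.example') {
    $ok = Switch-AzureLicense -userUPN $upn -fromSKU 'FROM_SKU_PLACEHOLDER' -toSKU 'TO_SKU_PLACEHOLDER'
    [pscustomobject]@{ User = $upn; Switched = $ok }
}
$results | Where-Object { -not $_.Switched }   # users that need manual follow-up
```

A source license that the user inherits from a group cannot be removed this way; the call fails and the user shows up in the follow-up list.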