Archiwum kategorii: Azure

Azure License Management form PS>

When You are dealing with license assignment in Azure it is good to have unified approach preferable one that can automatize as much as possible a specially if you are running considerable number of accounts. The scenario that I found common is that in the initial Azure enrollment companies do not think about licensing assignment and go with the direct approach. Which is in most cases not a best approach. The easiest one to maintain is assigning licenses via groups. To evaluate the current situation it is good to identify directly assigned licenses and audit the license plan status. This can be later use to implement migration path. All of this is well documented in MS Docs.

MS Recommendation to Migration Process: https://docs.microsoft.com/en-us/azure/active-directory/users-groups-roles/licensing-groups-migrate-users

MS PS scripts to identify the licensing assignment: https://docs.microsoft.com/en-us/azure/active-directory/users-groups-roles/licensing-ps-examples

So for the licenses we can use groups but can be also maintain via PS scripts. Both approach will need license reassignment automatization. To help with this task we can use this simple functions.

function Add-AzureLicense {
 param (
 [string]$userUPN,
 [string]$licenseSKU
 )

 # Author: Maciej Jedryszek
 $License = New-Object -TypeName Microsoft.Open.AzureAD.Model.AssignedLicense
 $License.SkuId = (Get-AzureADSubscribedSku | Where-Object -Property SkuPartNumber -Value $licenseSKU -EQ).SkuID
 $LicensesToAssign = New-Object -TypeName Microsoft.Open.AzureAD.Model.AssignedLicenses
 $LicensesToAssign.AddLicenses = $License

 try {
 Set-AzureADUserLicense -ObjectId $userUPN -AssignedLicenses $LicensesToAssign
 Write-Host "`t`t Done / $userUPN Add: $licenseSKU" -ForegroundColor Green
 return $true
 } catch {
 Write-Host "`t`t Fail / $licenseSKU" -ForegroundColor Red
 return $false
 }
}
function Remove-AzureLicense {
param (
 [string]$userUPN,
 [string]$licenseSKU
 )

 # Author: Maciej Jedryszek
 $License = New-Object -TypeName Microsoft.Open.AzureAD.Model.AssignedLicense
 $License.SkuId = (Get-AzureADSubscribedSku | Where-Object -Property SkuPartNumber -Value $licenseSKU -EQ).SkuID
 $LicensesToRemove = New-Object -TypeName Microsoft.Open.AzureAD.Model.AssignedLicenses
 $LicensesToRemove.RemoveLicenses = $License.SkuId
 try {
 Set-AzureADUserLicense -ObjectId $userUPN -AssignedLicenses $LicensesToRemove
 Write-Host "`t`t Done / $userUPN Rem: $licenseSKU" -ForegroundColor Green
 return $true
 } catch {
 Write-Host "`t`t Fail / $licenseSKU" -ForegroundColor Red
 return $false
 }
}

Example Call:

PS > Remove-AzureLicense -userUPN $userupn -licenseSKU 'DYN365_ENTERPRISE_P1_IW'
Script: Remove-AzureLicense
Version: 0.1.2
Done / DYN365_ENTERPRISE_P1_IW