Azure Active Directory License Assignment for Groups

Azure01/06/2019

The Azure Active Directory has for some time been offering the ability to assign licenses to users such as EMS, Office 365 (Exchange, SharePoint, etc.), but can also provide groups with licenses. As soon as a user is added to a group, if there are still enough licenses available, the user will receive the corresponding license assigned to the group. This works with synchronized groups from the local Active Directory as well as with Azure AD Security and dynamic groups.

If a user belongs to more than one group and has activated the same license features (e.g. SharePoint (OneDrive)) or belongs to a group that has licenses for Office 365 with the Exchange and another one that has Office 365 Power BI assigned, these license assignments are automatically merged and an Office 365 license with the functions of both groups is activated for the user.

Here's is an example:

Notice: The license assignment to groups in the Azure AD is currently still a preview feature. Also Azure AD P1 licenses are required to use dynamic groups.

AWS Root Account Management For SSO Using Azure Active Directory Part 3

Using a central IAM provider is certainly a great thing. While setting SSO up for AWS, the management for the AWS root-users became a issue, because its required for them to have globally unique e-mail address. This might not a problem for small companies, but if you plan several hundred or even thousand of AWS-accounts, this becomes a nightmare real fast. In this post, I will go over one approach on how you can manage all your root-users with M365 offerings and some Azure services, pretty much for free. This is the third and final part of the series, that covers the API and deployment.

Azure AD - List Role Assignments

Retrieving a list of all Azure AD role assignments sounds easy enough, right? Well, there are some things to consider, here is waht.