Today I am going to show you how to find all Azure AD groups that auto assign licenses using Powershell. Whether you’re cleaning house or doing a simple audit to make sure everything is nice and tidy, you’ll want to know if you have any groups auto assigning licenses. Sometimes it may be the case that multiple groups are assigning the same license, or other times you want to know what’s being applied to where. All you’ll need is the MSOnline Module for Powershell.
If you have any questions, feel free to drop me a comment and I’ll do my best to get back to you.
Find All Azure AD Groups That Auto Assign Licenses Using Powershell
As mentioned above, it is required that you download and install the MSOL module to make sure this works. To do that running the following command.
Install-Module MSOnline Connect-MsolService #Get all groups that are auto assigning licenses Get-MsolGroup -All | Where-Object {$_.AssignedLicenses -ne $null} | ft -AutoSize ObjectID, DisplayName, @{Name = 'AssignedLicense'; Expression = {$_.AssignedLicenses.AccountSkuId.SkuPartNumber}}
In my environment I have an EMS E5 trial license being applied to my E1 Licensed users group. Basically, if a user has an E1 license, an Azure AD dynamic group will auto assign that same user to the Users with E1 License group, which will in turn automatically grant them an EMS E5 (EMSPremium) license. Pretty nice to have to have it all automated and check if user license is assigned directly or inherited from a group.
This was a fairly simple post with a Powershell one-liner to find all Azure AD groups that auto assign licenses using Powershell. Once you find the groups, it’s up to you to remove direct license assignment from Office 365/ Azure AD, or leave it as is.
Since MSOL / MSOnline is now deprecated, I with Microsoft would add this same property to the Get-AzureADGroup cmdlet but that’s still in the works I suppose.
$LicenseGroups = Get-MgGroup -All:$true -Filter “assignedLicenses/`$count ne 0” -ConsistencyLevel eventual -CountVariable LicGroups