1

Find All Azure AD Groups That Auto Assign Licenses Using Powershell

Today I am going to show you how to find all Azure AD groups that auto assign licenses using Powershell. Whether you’re cleaning house or doing a simple audit to make sure everything is nice and tidy, you’ll want to know if you have any groups auto assigning licenses. Sometimes it may be the case that multiple groups are assigning the same license, or other times you want to know what’s being applied to where. All you’ll need is the MSOnline Module for Powershell.

If you have any questions, feel free to drop me a comment and I’ll do my best to get back to you.

Find All Azure AD Groups That Auto Assign Licenses Using Powershell

As mentioned above, it is required that you download and install the MSOL module to make sure this works. To do that running the following command.

Install-Module MSOnline
Connect-MsolService


#Get all groups that are auto assigning licenses
Get-MsolGroup -All | Where-Object {$_.AssignedLicenses -ne $null} | ft -AutoSize ObjectID, DisplayName, @{Name = 'AssignedLicense'; Expression = {$_.AssignedLicenses.AccountSkuId.SkuPartNumber}}

Get-MSOLGroup Assigned Licenses

In my environment I have an EMS E5 trial license being applied to my E1 Licensed users group. Basically, if a user has an E1 license, an Azure AD dynamic group will auto assign that same user to the Users with E1 License group, which will in turn automatically grant them an EMS E5 (EMSPremium) license. Pretty nice to have to have it all automated and check if user license is assigned directly or inherited from a group.

This was a fairly simple post with a Powershell one-liner to find all Azure AD groups that auto assign licenses using Powershell. Once you find the groups, it’s up to you to remove direct license assignment from Office 365/ Azure AD, or leave it as is.

Since MSOL / MSOnline is now deprecated, I with Microsoft would add this same property to the Get-AzureADGroup cmdlet but that’s still in the works I suppose.

5/5 - (8 votes)

Paul Contreras

Hi, my name is Paul and I am a Sysadmin who enjoys working on various technologies from Microsoft, VMWare, Cisco and many others. Join me as I document my trials and tribulations of the daily grind of System Administration.

One Comment

  1. $LicenseGroups = Get-MgGroup -All:$true -Filter “assignedLicenses/`$count ne 0” -ConsistencyLevel eventual -CountVariable LicGroups

Leave a Reply

Your email address will not be published. Required fields are marked *