Tag Archives: Azure AD group based licensing

#Azure AD : All about Azure Active Directory

IT has moved from Datacenter Era to the Cloud Era. Focus of the organizations have been changed from one specific set of vendors to the open world of technology. Since Datacenter came in inception, Identity has played a vital role and always been used to treat as a backbone of IT. Now in the new era of multi-cloud environment, Identity is playing a centric role that itself is a new beginning of Identity that has been extended from IT backbone to user-experience oriented.

Microsoft had played a key role in datacenter era by Windows Server Active Directory and now again playing a crucial role in multi-cloud environment by offering Azure Active Directory. Microsoft Azure Active Directory in not only a directory service but it is a complete cloud service that can fulfill all your identity and authorization needs. However, you may find there are couple of things related to identity that can’t be fulfilled by native AAD features but it is continuously evolving.

In this era, organizations don’t need SME for everything but they need design SME who has board understanding of complete end-to end solution stack starting from infrastructure technologies to application technologies.

I have written a series of blog posts on Microsoft Azure AD and these posts mainly focus on how to do it or you can say step-by-step guides backed by real-time scenarios.

Microsoft Azure Active Directory

Azure AD Connect

SSO to SaaS

Application Proxy

Multi-factor Authentication

Self-service Password Management

Self-service group management

Access Panel/My Apps

Dynamic groups membership

Pricing, Licensing and Support

Conditional Access

Custom domain names

Company branding

Cloud App Discovery

Group-based licensing

Identity Protection Part I

Identity Protection Part II

Identity Protection Part III

Privileged Identity Management Part I

Privileged Identity Management Part II

Privileged Identity Management Part III

Azure Active Directory Domain Services Part I

Azure Active Directory Domain Services Part II

Azure Active Directory Domain Services Part III

Azure Active Directory Domain Services Part IV

Device Management – Azure AD Registering

Device Management – Azure AD Join

B2B Collaboration

B2B Licensing


Error – SSPR_0029: We are unable to reset your password due to an error in your on-premises configuration.

Above series of blog posts have covered most of the areas of Azure Active Directory. You can bookmark this blog post for any Azure AD need, I’ll try my level best to add new Azure AD related posts in this series.


#AzureAD : Group-based licensing

Microsoft Azure AD simplifies the licensing management of Microsoft cloud services such as O365, Enterprise Mobility + Security, Dynamics CRM etc. by providing group-based licensing. A user could be part of the multiple groups and multiple licenses can be assigned through a single group or through multiple groups. However, a license can be assigned directly to the user if group based assignment is not needed. As Azure AD is a backbone for all identity needs of any Microsoft cloud services. Therefore, this group-based licensing can be managed through Azure AD. While assigning licenses to multiple users via group-based licensing, you may observe multiple permutation and combination of services enablement and license assignment. Let’s take an example to understand this scenario.

Inside Microsoft Technology is a company that deals in technical content writing and has two major teams. One team deals in writing and another teams deals in marketing. Company has O365 for business productivity and marketing team uses all the features that comes under E3 licenses and at the same time writing team also uses all the E3 features except Yammer because all the team members of writing team, don’t interact with others through corporate social networking. Rest of the teams have specific set of features enable to complete their jobs. Therefore, administrator can make two action plans for these groups for.

Plan1: Create a single group for both the teams and disable Yammer for the employees who don’t need it.

Plan2: Create one group for Marketing team and assign E3 licenses and create another group for writing team and assign E3 licenses but enable Yammer for only those users who need it.

Let see how to do it.

Go to the https://aad.portal.azure.com

Go to the Azure Active Directory and select Licenses

Under licenses, select all products.

Under all products, select specific products and click on Assign.

Go to the Licensed Groups under general, select “+ Assign”.

Select the specific group, which you want to license.

Go to the Assignment options, select specific products and then click on Ok.

Finally, click on Assign and you are done.