Managing licenses in Azure Active Directory (Azure AD) is one of the crucial topics in the Azure Administrator (AZ-104) exam. This exam evaluates your understanding of Azure principles, including managing Azure subscriptions and resources, deploying and managing virtual machines, configuring and managing virtual networks, and managing identities. Specifically, managing licenses in Azure AD involves assigning, reassigning, and removing licenses so as to control the resources a user can access.

Table of Contents

Azure AD Licensing Methods

There are two primary methods to assign licenses in Azure AD:

Direct Assignment:

You can directly assign licenses to users. This is usually done in the Azure portal. In direct assignment, you manually choose the user and then assign the required Azure AD licenses.

Set-AzureADUserLicense -UserPrincipalName johndoe@example.com -AssignedLicenses $licenses

Group-based licensing:

Azure AD’s group-based licensing allows you to assign licenses to a group. Any user who is a member of that group automatically gets the licenses assigned to that group.

New-AzureADGroup -DisplayName “License Group” -MailEnabled $false -SecurityEnabled $true -MailNickName “NotSet”

It’s worth noting that group-based licensing is available only for Azure Active Directory (Azure AD) premium and basic editions.

Managing Licenses in Azure AD

You can manage licenses in Azure AD through the Azure portal, Powershell, or Graph API.

Azure portal:

You can add or remove licenses from individual users or in bulk via the Azure portal. The Activity Logs in the portal can assist you in tracking these changes.

PowerShell:

You need the Azure AD module for PowerShell to manage licenses. The commands that you use to manage licenses include Get-MsolUser, Set-MsolUserLicense, Remove-MsolUserLicense, and New-MsolLicenseOptions.

Graph API:

Azure AD offers RESTful APIs that provide programmatic access to directory objects such as users, groups, and apps.

Monitoring License Usage

To keep track of license usage, Azure provides reports that you can access via portal. These include the active user report and the licensed user report.

Understanding License States

Users in Azure AD can have the following license states:

  • Licensed: The user has been assigned one or more licenses.
  • Unlicensed: The user has not been assigned any licenses.

Best Practices For License Management

  • Consider group-based licensing for easier management and ensure a user is not assigned redundant licenses.
  • Make use of Azure AD’s reporting capabilities to monitor license usage effectively.

In summary, license management in Azure AD offers control over the resources a user can access and assists in tracking the consumption of your Azure resources. While studying for the Azure Administrator (AZ-104) exam, make sure you understand the different ways to assign licenses, how to manage and monitor them, including using PowerShell and Graph API.

Practice Test

True/False: Azure Active Directory (Azure AD) is Microsoft’s cloud-based identity and access management service.

  • True
  • False

Answer: True.

Explanation: Azure AD is Microsoft’s multi-tenant, cloud-based directory, and identity management service that provides benefits, including enterprise-level identity and access management for all your applications.

Single Select: Which of the following Azure service manages user identities and access?

  • a) Azure Active Directory
  • b) Azure Storage Account
  • c) Azure Functions
  • d) Azure Machine Learning

Answer: a) Azure Active Directory

Explanation: Azure Active Directory is Microsoft’s Cloud-based identity and access management service that helps your employees sign in and access internal and external resources.

Single Select: What are the roles that can assign licenses to users in Azure AD?

  • a) Global Administrator
  • b) Licenses Administrator
  • c) Both a & b
  • d) None of the above

Answer: c) Both a & b

Explanation: In Azure AD, both Global Administrators and Licenses Administrators can assign licenses to users.

True/False: You can’t manage licenses for a group in Azure AD.

  • True
  • False

Answer: False.

Explanation: Azure AD allows you to manage licenses for a group. You can assign a license template to a group that automatically distributes licenses to members of the group.

Multiple Select: What types of licenses can be managed in Azure?

  • a) Office 365 licenses
  • b) Azure AD Free licenses
  • c) Dynamics 365 licenses
  • d) Google Cloud licenses

Answer: a) Office 365 licenses, b) Azure AD Free licenses, c) Dynamics 365 licenses

Explanation: Azure AD can manage Office 365, Azure AD Free, and Dynamics 365 licenses. Google Cloud licenses are not managed via Azure AD, as it is a competing platform.

True/False: You can’t check the usage status of licenses in Azure AD.

  • True
  • False

Answer: False.

Explanation: Administrators can check the usage status of licenses in Azure AD. This offers a view of how these licenses are consumed.

Single Select: What happens when you remove a license from a user in Azure AD?

  • a) The user’s data is deleted
  • b) The user won’t be able to use the licensed service
  • c) A new user is created
  • d) The user’s role is changed

Answer: b) The user won’t be able to use the licensed service

Explanation: When you remove a license from a user, they will no longer be able to use the licensed service.

True/false: License reassignment in Azure AD is immediate once you delink it from a user.

  • True
  • False

Answer: True.

Explanation: In Azure AD, when a license is removed from a user, it is immediately available to be assigned to another user.

Single Select: How does Azure AD block the automatic assignment of licenses to specific users?

  • a) By using group tags
  • b) By using license groups
  • c) By using product locks
  • d) None of the above

Answer: c) By using product locks.

Explanation: Product locks in Azure AD block the automatic assignment of licenses to specific users.

True/False: Microsoft 365 licenses cannot be managed via Azure AD.

  • True
  • False

Answer: False.

Explanation: Microsoft 365 licenses can be managed via Azure AD, allowing administrators to control user access to Microsoft 365 services.

Interview Questions

What is a license in Azure Active Directory (Azure AD)?

A license in Azure AD is an agreement that gives you access to Microsoft online services.

How can you assign a license to a user in Azure AD?

You can assign a license to a user in Azure AD by navigating to the user’s profile, then selecting the Licenses tab and clicking on the Assign button.

Can you manage Azure AD licenses using PowerShell?

Yes, you can manage Azure AD licenses using PowerShell. It allows you to automate tasks such as assigning and unassigning licenses.

Is it possible to assign multiple licenses to a user in Azure AD?

Yes, you can assign multiple licenses to a user in Azure AD, as long as the licenses are not conflicting and the user does not exceed their allowed number of licenses.

Can you remove a license from a user in Azure AD?

Yes, you can remove a license from a user in Azure AD by navigating to the user’s profile, selecting the Licenses tab, and then selecting the license you want to remove.

What happens when a license is removed from a user in Azure AD?

When a license is removed from a user in Azure AD, the user will lose access to the services that were included in the removed license.

What is group-based licensing in Azure AD?

Group-based licensing in Azure AD allows you to assign licenses to groups. When you add or remove users from the group, the licenses are automatically assigned or removed.

What is Azure AD License Reconciliation?

Azure AD License Reconciliation happens when you sync your on-premises Active Directory with Azure AD and checks for any license assignment discrepancies. Any differences found are rectified during the process.

Is it possible to assign licenses based on user location in Azure AD?

Yes, it is possible to assign licenses based on user location in Azure AD using location-based licensing. This allows you to comply with your license requirements based on geographical location.

How do you view the status of a user’s license assignments in Azure AD?

You can view the status of a user’s license assignments in Azure AD on the Licenses page in the Azure portal or by using PowerShell.

Can you reassign a license from one user to another in Azure AD?

Yes, you can reassign a license from one user to another in Azure AD by first removing the license from the current user and then assigning it to the new user.

What is Azure AD license error – “Conflicting service plans within the same SKU”?

This error occurs when trying to assign a license that includes services already covered by another license, resulting in a conflict. You would need to remove the conflicting service from one of the assigned licenses.

What is a disabled plan in Azure AD License?

A disabled plan in Azure AD license is a service that is included in the license but is not available to the user. It is common to disable specific services when assigning a license.

Can you restore data after a license is removed in Azure AD?

Yes, you can restore data after a license is removed in Azure AD. However, Microsoft only retains this data for 30 days.

Is there any cost associated with Azure AD licenses?

Yes, Azure AD licenses are not free and there is a cost associated with them, which depends on the level of Azure service and the number of users.

Leave a Reply

Your email address will not be published. Required fields are marked *