Managing licenses and keeping track on who has which license assigned and how can be a time-consuming task. I’ve created a PowerShell script to summarize the subscriptions and licenses available and assigned in an Office 365 tenant. It is possible to assign licenses via Azure Active Directory Groups where each member will receive the assigned license. This script will also give an overview of group-based licensing. An subscription and license overview will be created in a HTML page with the following headers:
- List of all subscriptions
- It is possible you have multiple subscriptions on your Office 365 tenant. For example CSP and Enterprise Agreement licenses. This section will show you how many licenses are available for each subscription.
- List of all SKU’s combined
- This section will display the total amount of available licenses per SKU.
- List of all groups who have licenses connected to them
- This section will display all groups which are configured for group-based licensing. It will also display the current member count.
- List of all unlicensed users who have no role assigned
- It is possible that users don’t have a licence assigned but this section will give you an idea of users who don’t have a license and perhaps should be removed from the Azure Active Directory. It will also list if the user is blocked from logging in.
- List of all unlicensed users who have a role assigned
- Administrators don’t really need a license to operate so this section display’s all unlicensed administrators in your Office 365 tenant.
- List of all licensed users who have a role assigned
- This section will display the administrators that do have a license assigned. Should you run out of licenses you can first verify if this administrator really needs the license as you can perhaps better use it for employees.
- List of all licensed users who get their license directly
- This will show all users who have their license directly assigned. It will show an entry for each users license. It is possible that a license is assigned directly and using an Azure Active Directory group. If both exist the user will only show up under the list of all licensed users who get their license via group assignment. It will show here should the user be removed from the group.
- List of all licensed users who get their license via group assignment
- The last section will show the users who are getting their license via Azure Active Directory Groups.
Note that the licence is a less friendly name for the product. You can find the reference list at https://docs.microsoft.com/en-us/azure/active-directory/users-groups-roles/licensing-service-plan-reference
I’ve also added an additional column “Synced” which will show if the user is an on-premises or cloud only account.
What is group-based licensing in Azure Active Directory?
Microsoft paid cloud services, such as Office 365, Enterprise Mobility + Security, Dynamics 365, and other similar products, require licenses. These licenses are assigned to each user who needs access to these services. To manage licenses, administrators use one of the management portals (Office or Azure) and PowerShell cmdlets. Azure Active Directory (Azure AD) is the underlying infrastructure that supports identity management for all Microsoft cloud services. Azure AD stores information about license assignment states for users.
Until now, licenses could only be assigned at the individual user level, which can make large-scale management difficult. For example, to add or remove user licenses based on organizational changes, such as users joining or leaving the organization or a department, an administrator often must write a complex PowerShell script. This script makes individual calls to the cloud service.
To address those challenges, Azure AD now includes group-based licensing. You can assign one or more product licenses to a group. Azure AD ensures that the licenses are assigned to all members of the group. Any new members who join the group are assigned the appropriate licenses. When they leave the group, those licenses are removed. This licensing management eliminates the need for automating license management via PowerShell to reflect changes in the organization and departmental structure on a per-user basis.
Creating the subscription and license overview
The PowerShell Gallery is a perfect solution to store your own scripts which you use on a regular basis where other people can also use them. The script can be found at https://www.powershellgallery.com/packages/get-O365LicenseOverview. I always recommend reading the code first as this is a script from the internet which can be found after clicking on “Show” at “FileList”
Installing the script
You can install the script using the below command
Install-Script -Name get-O365LicenseOverview
Running the script
An example has been provided in the script info section where we will be using this same example.
Run the following command in PowerShell
Get-O365LicenseOverview.ps1 -LogPath “C:\Install”
You will be asked to sign in with your Office 365 administrator account
The script will collect the data and build the HTML report. It will store the report on the specified location and it will also open the report in 5 seconds.
Please let me know if you want to see more information that should be valid for a subscription and license overview report in the comment section and I’ll add this to the PowerShell Gallery script. Please also let me know if you edited the script yourself and what you added or removed as I can learn from you in making this overview better.