Manage licenses in Microsoft Entra ID

Manage Microsoft Entra users and groups

📘Microsoft Certified: Azure Administrator Associate (AZ-104)

Manage Licenses in Microsoft Entra ID (Azure Active Directory)

Microsoft Entra ID (formerly Azure Active Directory, Azure AD) is the service that handles identity and access in Azure. Managing licenses in Entra ID is an important skill for an Azure Administrator because it ensures users have access to the correct Microsoft services like Office 365, Microsoft Teams, or Enterprise Mobility + Security (EMS).

Licenses in Microsoft Entra ID control what features and applications a user can access. Think of it as giving a user permission to use certain software.

1. Understanding Licenses

  • What is a license?
    • A license is a subscription to a Microsoft service that gives a user access to certain features.
    • Example: A Microsoft 365 E3 license gives access to Word, Excel, Teams, and security features like Conditional Access.
  • Why licenses matter:
    • Users cannot use services unless they have a license assigned.
    • Proper license management prevents unnecessary costs. You don’t want unused licenses wasting money.

2. Types of Licenses in Microsoft Entra ID

Licenses can be grouped in two ways:

A. Product Licenses

  • These are licenses for Microsoft products like:
    • Microsoft 365 Business Premium
    • Office 365 E3/E5
    • Microsoft Intune
    • Enterprise Mobility + Security (EMS)
  • These licenses include features like:
    • Cloud apps access (Teams, SharePoint, OneDrive)
    • Security features (Multi-Factor Authentication, Conditional Access)
    • Device management (Intune)

B. Add-on Licenses

  • Some products have optional extra features that you can assign separately:
    • Example: Microsoft Defender for Office 365 or Azure AD Premium P1/P2.

3. How Licenses are Assigned in Entra ID

Licenses can be assigned to users individually or through groups.

A. Assigning licenses to individual users

  1. Go to Microsoft Entra Admin Center → Users → Select a user → Licenses.
  2. Click Assign licenses.
  3. Choose the product license (e.g., Microsoft 365 E3) and click Save.
  4. The user now has access to all features included in that license.

Pros: Easy to manage for a few users.
Cons: Not efficient if you have hundreds of users.

B. Assigning licenses via groups

  • Best practice for larger organizations.
  • Use group-based licensing:
    1. Create a security group (e.g., Finance Team).
    2. Assign the license to the group.
    3. Any user added to that group automatically gets the license.
    4. Remove a user from the group → license is automatically revoked.

Benefits:

  • Automated license management.
  • Reduces human errors.
  • Scales well for large organizations.

4. License Features and Plans

  • Some products include multiple plans (features), and you can assign or disable individual plans:
    • Example: Office 365 E5 includes Teams, SharePoint, Exchange Online.
    • You can disable Exchange Online for a user if they don’t need email.
  • Important for the exam:
    • Be familiar with assigning or removing service plans within a license.

5. Removing Licenses

  • If a user no longer needs a service, you can remove the license:
    1. Go to the user in Entra ID → Licenses → Remove.
    2. Access to the product is revoked immediately.
    3. Data retention rules apply depending on the product (e.g., 30 days for deleted emails).

6. Checking License Usage

  • Azure provides reports to monitor license usage:
    • Assigned vs available licenses.
    • Which users have which licenses.
  • This helps admins ensure:
    • Compliance with license agreements.
    • Cost efficiency by reclaiming unused licenses.

7. Key Exam Points for AZ-104

You must know the following:

ConceptKey Notes
License assignmentAssign to users individually or via groups. Group-based licensing is preferred.
License removalRemove when users no longer need access; understand data retention.
Service plansSome licenses have multiple plans; you can enable or disable them.
ReportingCheck license usage to optimize costs and compliance.
AutomationUse Dynamic groups to automatically assign licenses based on user attributes (department, location).

8. IT-Relevant Example for Context

  • Scenario: A company buys Microsoft 365 E3 for all employees.
  • Admins create security groups like HR, Finance, and IT.
  • Admin assigns the E3 license to these groups:
    • All users in these groups automatically get Teams, Outlook, OneDrive.
  • If someone changes departments:
    • Remove them from Finance, add to IT.
    • Licenses adjust automatically.

This is exactly the kind of scenario you might see in the exam questions: group-based license management and service plan selection.

✅ Summary

  • Licenses control user access to Microsoft services.
  • Assign licenses individually or by group.
  • Group-based licensing is more efficient for large organizations.
  • Licenses may have multiple service plans, which can be enabled or disabled.
  • Always monitor license usage and reclaim unused licenses to optimize cost.
  • Dynamic group-based license assignment is a key feature for automation.
Buy Me a Coffee

Powered by
Necessary cookies enable essential site features like secure log-ins and consent preference adjustments. They do not store personal data.
None
Functional cookies support features like content sharing on social media, collecting feedback, and enabling third-party tools.
None
Analytical cookies track visitor interactions, providing insights on metrics like visitor count, bounce rate, and traffic sources.
None
Advertisement cookies deliver personalized ads based on your previous visits and analyze the effectiveness of ad campaigns.
None
Powered by