none
Automating Exchange Online Licensing

    Question

  • Hi,

    Just wondering how people are automating Exchange Online license assignments these days (with Azure License Groups being available).

    We have MIM connecting HR to AD on-prem...then have AADConnect maintaining users in Azure AD.

    I was thinking to use something like the UserAccountControl attribute, push that up to Azure, and create Azure Groups with that...so if you are 'active' u get a license for Exchange Online, for example.

    However, I'm unsure of the reverse...the Exchange Online license first needs to be removed and only then can the Exchange Online mailbox be disabled...how have people automated this?

    Look forward to hearing back from the community.

    Thank you,

    SK

    Friday, May 25, 2018 4:09 AM

All replies

  • I have done this implementation. The solution is two fold:

    An AADC setup that is syncing our on-prem with cloud

    Create several groups on-prem, each for licensing different services (Exchange Online, SFB, Teams, SharePoint) and on cloud, we have enabled the services to be licensed for these groups. For example, a group named "Basic" that is enabled with (Exchange, SFB and Office) and another group for Enterprise Mobility

    Now that we have the above setup.. Adding license and removing license is automated in MIM. we are using MIM for provisioning users and terminating them.

    When a user account is created, MIM adds them to the right group (Basic and EMS) which get synced to cloud. In cloud, since the group is licensed with the services, user gets the license.

    When a user quits, script that disables the user mailbox, does remove the users from the groups. Which in turn removes the license.

    Does this answer your question?

    Cheers,

    Santo

    Friday, June 01, 2018 6:10 PM
  • thanks Santo, however, you first need to remove the license before you can run the 'disable-remotemailbox' cmdlet

    (according to the site: https://docs.microsoft.com/en-us/powershell/module/exchange/federation-and-hybrid/disable-remotemailbox?view=exchange-ps)

    "Remove a cloud-based mailbox but keep the associated on-premises user account. To do this, you first need to remove the Exchange Online license for the mailbox. Otherwise, the mailbox won't be removed."


    • Edited by Shim Kwan Monday, June 11, 2018 3:45 AM
    Monday, June 11, 2018 3:44 AM