If user accounts are synchronized using Azure AD Connect, no Microsoft 365 (formerly Office 365) license is assigned by default. In the default setting, a corresponding license must therefore be assigned manually so that the users can use the Microsoft 365 services.
However, this process can also be carried out automatically. In order for users to be automatically assigned a Microsoft 365 license, the synchronization rules of Azure AD Connect must first be adjusted so that the required "usageLocation" attribute is set. The actual license can then simply be assigned using a group.
Here is a short HowTo on how this works.
Incoming synchronization rule
First, a new incoming synchronization rule is created:
The new rule is now given a name and preferably also a descriptive description. The connected local Active Directory is specified as the "Connected System" and the remaining settings can be found in the following screenshot:
The settings for "Scoping filter" and "Join rules" do not need to be adjusted. The following setting must be defined under "Transformations":
- Flow Type: Expression
- Target attributes: usageLocation
- Merge Type: Update
The following rule can be used as a source:
|
1
|
IIF(IsNullOrEmpty(),"EN",) |
This rule now assigns the Usage Location Germany (DE) to each user if the AD attribute "c" is empty:
The new rule now causes user accounts for which the AD attribute "c" was not explicitly specified to use the location "Germany":
The usage location is required for assigning the licenses. The settings of the local AD are not changed, this setting only affects the data record in the Azure AD Connect database.
Outgoing synchronization rule
An outgoing synchronization rule is still required so that the usage location is now also transferred in the Azure AD:
Azure AD is now selected as the "Connected System". The remaining settings can be seen in the following screenshot:
The settings for "Scoping filter" and "Join rules" do not need to be adjusted. Only a new transformation rule with the following settings is required:
- FlowType: DIrect
- TargetAttribute: usageLocation
- Source: usageLocation
- MergeType: Update
Once the rules have been created, a full sync can be performed using Azure AD Connect.
Assign license via group
After the usage location has been set with the synchronization rules, a license can now be automatically assigned to users using a group. The "Licenses" item must be selected in the Azure Active Directory Admin Center:
Now select the license that is to be assigned to the users by means of a group, in this case it is an E3 plan:
In the last step, a group and the corresponding features can be selected.
All members of the group now receive a corresponding license.