M365Corner
M365 PowerShell

Assign Microsoft 365 License On User Role or Department Basis

Managing licenses in Microsoft 365 can be a time-consuming task, especially when handling a large number of users with varying roles and departments. Automating this process with Graph PowerShell can significantly streamline your administration tasks. Below is a straightforward script to automate the assignment and removal of licenses based on user roles or department changes.


Prerequisites

  • Install the Microsoft Graph PowerShell module if not already installed by running Install-Module -Name Microsoft.Graph -Force -AllowClobber.
  • Authenticate with the required permissions using the following command: 
    Connect-MgGraph -Scopes "User.ReadWrite.All" "Directory.ReadWrite.All"

PowerShell Script

# Install the Microsoft.Graph module if not already installed
Install-Module -Name Microsoft.Graph -Force -AllowClobber

# Connect to Microsoft 365
Connect-MgGraph -Scopes "User.ReadWrite.All" "Directory.ReadWrite.All"

# Define the SKU ID for the license to be assigned/removed
$skuId = "your-sku-id-here" # Replace with your specific SKU ID

# Define filters based on roles or departments
$assignFilter = "Department eq 'Sales'"
$removeFilter = "Department eq 'HR'"

# Get users for assigning licenses
$salesUsers = Get-MgUser -Filter $assignFilter -ConsistencyLevel eventual -All

# Assign licenses to Sales department users
foreach ($user in $salesUsers) {
    $licenseDetails = @{
        AddLicenses = @(@{SkuId = $skuId})
        RemoveLicenses = @()
    }
    Set-MgUserLicense -UserId $user.Id -AddLicenses $licenseDetails.AddLicenses -RemoveLicenses $licenseDetails.RemoveLicenses
    Write-Output "License assigned to user: $($user.UserPrincipalName)"
}

# Get users for removing licenses
$hrUsers = Get-MgUser -Filter $removeFilter -ConsistencyLevel eventual -All

# Remove licenses from HR department users
foreach ($user in $hrUsers) {
    $licenseDetails = @{
        AddLicenses = @()
        RemoveLicenses = @($skuId)
    }
    Set-MgUserLicense -UserId $user.Id -AddLicenses $licenseDetails.AddLicenses -RemoveLicenses $licenseDetails.RemoveLicenses
    Write-Output "License removed from user: $($user.UserPrincipalName)"
}

# Disconnect from Microsoft 365
Disconnect-MgGraph

Script Explanation

Prerequisites:

  • Ensure the Microsoft.Graph module is installed and connected to your Microsoft 365 tenant.
  • The Connect-MgGraph command initiates a connection to Microsoft 365 with the required scopes for managing user licenses.

Define SKU ID:

  • The $skuId variable holds the SKU ID of the license you want to assign or remove. Replace "your-sku-id-here" with the actual SKU ID for the desired license. Run Get-MgSubscribedSku -All command to get the SKU ID.

Define Filters:

  • $assignFilter: Filter to select users from the Sales department.
  • $removeFilter: Filter to select users from the HR department.

Get Users and Assign Licenses:

  • Retrieves users in the Sales department and assigns the specified license to them. The loop iterates through each user and assigns the license using Set-MgUserLicense.

Get Users and Remove Licenses:

  • Retrieves users in the HR department and removes the specified license from them. The loop iterates through each user and removes the license using Set-MgUserLicense.

Disconnect:

  • The Disconnect-MgGraph command ends the session with Microsoft 365.

Enhancements

  • Logging: Implement logging to record actions taken by the script including any errors encountered.
  • Email Notifications: Add functionality to send email notifications to administrators about the license assignments and removals.
  • Dynamic Filters: Allow dynamic input of department names or roles to make the script more flexible and reusable.
  • Error Handling: Implement robust error handling to manage scenarios where the script encounters issues such as network errors or invalid user data.
  • Scheduling: Schedule the script to run at regular intervals using Windows Task Scheduler or Azure Automation ensuring licenses are always up to date based on user changes.

Conclusion

Automating license management in Microsoft 365 using Graph PowerShell simplifies administrative tasks, saving time and reducing the potential for human error. This script provides a straightforward way to assign and remove licenses based on user roles or department changes. With further enhancements, this script can become an even more powerful tool in your administrative toolkit.

Embrace automation and streamline your Microsoft 365 management with the power of Graph PowerShell!


Related Articles:

Using Get-MgDirectoryRole in Graph PowerShell
Using Get-MgUserLicenseDetail in Graph PowerShell
Using Find-GraphMgCommand in Graph PowerShell
Connect to Microsoft 365 Using PowerShell
How to Create Bulk Users in Office 365 Using Graph PowerShell?
Create Microsoft 365 Group Using Microsoft Graph PowerShell
Block Microsoft 365 User Using Microsoft Graph PowerShell
Assign Microsoft 365 License Using Graph PowerShell
Microsoft 365 User Management Using Graph PowerShell
Checking Group Membership in Microsoft 365
Bulk Assign Microsoft 365 License
Find Inactive Users in Microsoft 365
Using Powershell Graph Search Query
Using Powershell Graph Filter Query
Using Where-Object In Graph PowerShell
Using Expand Property In Graph PowerShell
Using Select Object In Graph PowerShell
Using -Contains Operator In Graph PowerShell
Add User to Multiple Microsoft 365 Groups Using Graph PowerShell
Get Microsoft 365 User Location Using Graph PowerShell
Import Microsoft 365 Groups from CSV File Using Graph PowerShell
Microsoft 365 Group User Import Using Graph PowerShell
Table of Contents

X

Table of Contents

© m365corner.com. All Rights Reserved. Design by HTML Codex