How to control O365 licensed products
I’ve had this conversation at least once a week for the past several months. Customers ask, how can they use PowerShell scripts to assign/control O365 licensing workloads assigned to end users? Don’t use a script, use Azure group-based licensing.
The problem with a script is, you must assign all workloads, then remove the ones you don’t need. And then, when one of the O365 product groups (PG’s) add in another workload, you have to go find out what that application named value is within your tenant, add it to the script process, and thus, you are always reactive. The better approach is to use a group that has licenses applied to be allowed, and then assign users to that group to use the assigned application(s).
It’s best to have a minimum of three groups:
- IT: with all workloads assigned, to evaluate any and all newly added applications to see and review any potential business use case.
- Help Desk: assigned all current workloads that users have access to, plus the next one that is to be released in say a month. This allows the HD to ramp up on support, documentation, troubleshooting answers, and general user questions for when the end users see the new application in their waffle choice of presented workloads.
- End Users: only have access to the current fully supported applications published to them.
As new applications/workloads are introduced into the O365 portfolio, the PG’s have spent many months/years and really want everyone to use their newly created feature right away. However, many companies want to evaluate and prepare for such a roll out to properly support the new cool feature. Thus, it’s in the best interest for many companies to control the roll out process to their end users.
Following the directions, it's actually quite easy to implement. Create an O365 modern group, assign licenses, add users. Pretty straight forward and works well.
The issue is, many customers may not look at the cool new shinny options as they become available and thus, the application that many people have developed, stressed over, worked with others, to provide a solution that will help many end users, may never see the light of day. So sometimes, some workloads have been turned on automatically for tenants. This causes issues for some tenant support people, which then typically have to manually turn off the workload after the fact. It’s a give and take for sure, but at least with Azure group-based licensing, tenant administrators have greater control over the workloads available to everyone using the technologies.