Reporting Azure AD Group Licensing

Azure AD Group based licensing is a pretty awesome Office365 feature. It automatically assigns licenses based on the groups of a user. This group can be a security group synced from your on-premises Active Directory or an Azure AD Group.

I like to use this feature in hybrid environments. This way you can add a user to a specific group in your AD and he will receive the correct licenses in the cloud.

There is only one problem with this approach: you can easily overprovision your licenses. Azure AD won’t give you any type of warning when the amount of members exceed the amount of licenses you have. They even say it in their documentation:

For example, you might have run out of licenses, causing some users to be in an error state. To free up the available seat count, you can remove some directly assigned licenses from other users. However, the system does not automatically react to this change and fix users in that error state.
(Source: https://docs.microsoft.com/en-us/azure/active-directory/users-groups-roles/licensing-group-advanced)

To use this efficiently I want to be notified when I overprovision licenses, this is where Powershell comes in.
With the following command you can receive the groups that have licensing errors.

1	Get-MSOLgroup -HasLicenseErrorsOnly $true

Using this command it is easy to get the users whom have licensing errors.

The following PowerShell scripts reads out all the licensing errors and sends a formatted email report with all the errors that you currently have.
It also prints out a handy legend that shows more information about the current errors.

The full script (with synopsis and an example) can be found on my GitHub page – https://github.com/LeThijs/Azure-AD/blob/master/Get-AADLicenseErrors.ps1

Originally posted at Orbid365.