Updating licenses – Planning and Managing Azure AD Identities


License management is also a task that is often performed via scripting.
In order to determine the licensing plan to assign, you’ll need to retrieve the list of valid products using the Get-MsolAccountSku cmdlet. After that, you can assign a license using the following format – tenant:LICENSINGPLAN:

Get-MsolAccountSku
Set-MsolUserLicense -UserPrincipalName [email protected] -AddLicenses "M365w520429:TEAMS_EXPLORATORY"

Figure 5.37 – Adding a license to a user
Assigning a license with the Azure AD PowerShell module is a bit more complicated, as it involves creating a special licensing object. In this example, we’ll assign the user named Aamir the TEAMS_EXPLORATORY license:

Get-AzureADSubscribedSku
$TeamsSku = Get-AzureADSubscribedSku | Where-Object { $_.SkuPartNumber -eq "TEAMS_EXPLORATORY" }
$License = New-Object -TypeName Microsoft.Open.AzureAD.Model.AssignedLicense
$License.SkuId = $TeamsSku.SkuId
$LicenseToAssign = New-Object -TypeName Microsoft.Open.AzureAD.Model.AssignedLicenses
$LicenseToAssign.AddLicenses = $License
Set-AzureADUserLicense -ObjectId [email protected] -AssignedLicenses $LicenseToAssign

Figure 5.38 – Adding a license with the Set-AzureADUserLicense cmdlet
In the final license example, we’ll use the Microsoft Graph PowerShell cmdlets. They work similarly to the Azure AD cmdlet, but the syntax requires a hash table to hold the license SkuId property:

$user = Get-MgUser -UserId [email protected] -Property *
$TeamsSku = Get-MgSubscribedSku -All | Where-Object SkuPartNumber -eq "TEAMS_EXPLORATORY"
Set-MgUserLicense -UserId $user.Id -AddLicenses @{SkuId = $TeamsSku.SkuId} -RemoveLicenses @()

Figure 5.39 – Adding a license with the Set-MgUserLicense cmdlet
Depending on your licensing scenario, managing through one of the PowerShell interfaces may be the most efficient way to craft custom license configurations.
FURTHER READING
Managing licenses can be a complex topic, especially when considering options for enabling or disabling individual service plans within a license or replacing licensing options for users. You can see more in-depth information regarding the different capabilities of PowerShell-based licensing at https://learn.microsoft.com/en-us/microsoft-365/enterprise/view-licenses-and-services-with-microsoft-365-powershell.
Creating users
There are several scenarios where you may need to bulk-create users or contacts or bulk-invite users to your tenant. Frequently, when these operations are required, you will be working with source data stored in a CSV text file.
Previously, in the Performing bulk user management section, you used a specially formatted CSV to import objects into the Microsoft 365 admin center. You can use a similarly formatted CSV to perform the action with PowerShell.
In this set of examples, we’ve entered a few names into a CSV file (as shown in Figure 5.40) to demonstrate bulk user processing. While some of the administrative interfaces (such as the Microsoft 365 admin center) limit you to a maximum of 249 objects, you can process thousands of objects with PowerShell—the only real limitation is the memory on your computer.

Figure 5.40 – Bulk user template
First, we’ll perform the operation with the MSOnline cmdlets. We’ll begin by importing the CSV source file and storing it as a variable. Then, with a Foreach command, we’ll iterate through the lines in the CSV, using the values stored in the $User variable to provide the input for each of the parameters:

$Users = Import-Csv -Path C:\temp\ImportUsers.csv
Foreach ($User in $Users) { New-MsolUser -UserPrincipalName $User.UserPrincipalName -FirstName $User.FirstName -LastName $User.LastName -DisplayName $User.DisplayName -Title $User.JobTitle -Department $User.Department -UsageLocation $User.UsageLocation -Country US }

Figure 5.41 – Bulk creating users with New-MsolUser
Next, we’ll look at doing the same thing with the Azure AD cmdlets. As with the other examples in this section, you’ll see that the syntax follows a pattern, but there are other required parameters that must be specified. In the case of New-AzureADUser, that means a PasswordProfile object (which is used to specify a password) and MailNickName must be supplied:

$Users = Import-Csv C:\temp\ImportUsers.csv
$PasswordProfile = New-Object -TypeName Microsoft.Open.AzureAD.Model.PasswordProfile
$PasswordProfile.Password = "P@ssw0rd123"
Foreach ($User in $Users) { New-AzureADUser -UserPrincipalName $User.UserPrincipalName -GivenName $User.FirstName -Surname $User.LastName -DisplayName $User.DisplayName -JobTitle $User.JobTitle -Department $User.Department -UsageLocation $User.UsageLocation -Country $User.UsageLocation -AccountEnabled $True -MailNickname $User.UserPrincipalName.Split("@")[0] -PasswordProfile $PasswordProfile }

Figure 5.42 – Creating new users with New-AzureADUser
Finally, we’ll look at bulk user creation with the Microsoft Graph-based New-MgUser cmdlet. It has very similar parameters to the New-AzureADUser cmdlet, with the main differences being how the $PasswordProfile object is created and that the AccountEnabled parameter does not require an argument:

$Users = Import-Csv C:\Temp\ImportUsers.csv
$PasswordProfile = @{ Password = "P@ssw0rd123" }
Foreach ($User in $Users) { New-MgUser -UserPrincipalName $User.UserPrincipalName -GivenName $User.FirstName -Surname $User.LastName -DisplayName $User.DisplayName -JobTitle $User.JobTitle -Department $User.Department -UsageLocation $User.UsageLocation -Country $User.UsageLocation -AccountEnabled -MailNickname $User.UserPrincipalName.Split("@")[0] -PasswordProfile $PasswordProfile }

Figure 5.43 – Creating new users with the New-MgUser cmdlet
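The bulk-creation examples above give every imported account the same literal password. The following added example (not from the original page) builds the New-MgUser parameters for each CSV row with a unique random temporary password and a forced change at first sign-in, and rejects rows with missing required columns. New-RandomPassword, Get-NewUserParams, $Commit and the example.com sample rows are hypothetical names and constructed data.

```powershell
function New-RandomPassword {
    param([int]$Length = 20)
    $alphabet = 'ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz23456789!#%+=?@'
    $limit = 256 - (256 % $alphabet.Length)   # reject bytes that would bias the modulo
    $rng   = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    $byte  = New-Object byte[] 1
    try {
        do {
            $sb = New-Object System.Text.StringBuilder
            while ($sb.Length -lt $Length) {
                $rng.GetBytes($byte)
                if ($byte[0] -lt $limit) { [void]$sb.Append($alphabet[$byte[0] % $alphabet.Length]) }
            }
            $pw = $sb.ToString()
        } until ($pw -cmatch '[A-Z]' -and $pw -cmatch '[a-z]' -and $pw -match '\d' -and $pw -match '\W')
    } finally { $rng.Dispose() }
    $pw
}
function Get-NewUserParams {
    param([Parameter(Mandatory)] $Row)
    foreach ($col in 'UserPrincipalName','FirstName','LastName','DisplayName','UsageLocation') {
        if ([string]::IsNullOrWhiteSpace($Row.$col)) { throw "CSV row is missing '$col'" }
    }
    @{
        UserPrincipalName = $Row.UserPrincipalName
        GivenName         = $Row.FirstName
        Surname           = $Row.LastName
        DisplayName       = $Row.DisplayName
        JobTitle          = $Row.JobTitle
        Department        = $Row.Department
        UsageLocation     = $Row.UsageLocation
        AccountEnabled    = $true
        MailNickname      = $Row.UserPrincipalName.Split('@')[0]
        PasswordProfile   = @{ Password = New-RandomPassword; ForceChangePasswordNextSignIn = $true }
    }
}

# Constructed sample rows (assumed columns); in practice use Import-Csv C:\temp\ImportUsers.csv
$Users = @'
UserPrincipalName,FirstName,LastName,DisplayName,JobTitle,Department,UsageLocation
avery.sample@example.com,Avery,Sample,Avery Sample,Analyst,Finance,US
jordan.sample@example.com,Jordan,Sample,Jordan Sample,Engineer,IT,US
'@ | ConvertFrom-Csv
$Commit = $false   # set to $true after Connect-MgGraph -Scopes 'User.ReadWrite.All'
foreach ($User in $Users) {
    $params = Get-NewUserParams -Row $User   # splatted below; one password per user
    if ($Commit) { New-MgUser @params | Select-Object Id, UserPrincipalName }
    else { "Would create $($params.UserPrincipalName) (password length $($params.PasswordProfile.Password.Length))" }
}
```

The temporary password exists only in $params for the duration of each loop iteration, so hand it to the user through your secure channel inside the loop rather than writing it to the console or a log.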
As you can see, the flexibility and capability of the PowerShell interface allow you to do far more than what’s available in the graphical administration centers—with the trade-off that the parameters and syntax for the various modules can vary greatly.
